A NULL pointer dereference was found in the ACPI code of QEMU. The flaw lies in hw/acpi/pcihp.c in pci_write() where the `bus` pointer is used without checking if it's NULL, probably because an invalid selector was supplied. A malicious privileged user within the guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.

Upstream issue: https://gitlab.com/qemu-project/qemu/-/issues/770
Upstream patch: https://lists.nongnu.org/archive/html/qemu-devel/2021-12/msg01491.html
Updated upstream patch: https://www.mail-archive.com/qemu-devel@nongnu.org/msg857944.html (not listing any CVE)
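To make the failure mode in the description concrete, the following is an added, simplified C model of a guest-writable selector register driving a bus lookup. It is not QEMU's hw/acpi/pcihp.c and not the upstream patch; the names MAX_HOTPLUG_BUS, MAX_SLOT, find_hotplug_bus, eject_unchecked, eject_checked, pci_write_model, REG_SEL and REG_EJ, the register offsets and the bus table are all assumptions for illustration. The unchecked path dereferences the lookup result directly, so a guest that stores an out-of-range or unpopulated selector and then triggers an eject reaches a NULL dereference; the checked path rejects that write instead.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed, simplified model of an ACPI PCI hotplug register block.
 * Not QEMU's code; names, offsets and layout are assumptions. */
#define MAX_HOTPLUG_BUS 4
#define MAX_SLOT 32

typedef struct {
    const char *name;
    uint32_t ejected_mask;          /* bit n set once slot n has been ejected */
} PciBus;

typedef struct {
    uint32_t hotplug_select;        /* selector register, fully guest-writable */
    PciBus *buses[MAX_HOTPLUG_BUS]; /* sparse table: unused entries are NULL */
} HotplugState;

/* Resolve the selector to a bus. Out-of-range or unpopulated selectors
 * legitimately yield NULL, so every caller must handle that result. */
static PciBus *find_hotplug_bus(HotplugState *s, uint32_t sel)
{
    if (sel >= MAX_HOTPLUG_BUS) {
        return NULL;
    }
    return s->buses[sel];
}

/* Vulnerable shape: the lookup result is dereferenced without a NULL check. */
static int eject_unchecked(HotplugState *s, uint32_t slot)
{
    PciBus *bus = find_hotplug_bus(s, s->hotplug_select);
    if (slot >= MAX_SLOT) {
        return -1;
    }
    bus->ejected_mask |= 1u << slot;   /* NULL dereference on an invalid selector */
    return 0;
}

/* Hardened shape: an unresolvable selector turns the write into a no-op. */
static int eject_checked(HotplugState *s, uint32_t slot)
{
    PciBus *bus = find_hotplug_bus(s, s->hotplug_select);
    if (!bus || slot >= MAX_SLOT) {
        return -1;
    }
    bus->ejected_mask |= 1u << slot;
    return 0;
}

enum { REG_SEL = 0, REG_EJ = 4 };   /* assumed register offsets */

/* Model of the MMIO write handler. The guest controls addr and data; the
 * selector is stored unvalidated, so the check has to happen at use. */
static int pci_write_model(HotplugState *s, uint64_t addr, uint64_t data, int hardened)
{
    switch (addr) {
    case REG_SEL:
        s->hotplug_select = (uint32_t)data;
        return 0;
    case REG_EJ:
        return hardened ? eject_checked(s, (uint32_t)data)
                        : eject_unchecked(s, (uint32_t)data);
    default:
        return 0;                       /* unknown offsets are ignored */
    }
}

int main(void)
{
    PciBus bus0 = { "pci.0", 0 };
    HotplugState s = { 0, { &bus0, NULL, NULL, NULL } };

    /* Valid sequence: select bus 0, eject slot 3. */
    pci_write_model(&s, REG_SEL, 0, 1);
    pci_write_model(&s, REG_EJ, 3, 1);
    printf("bus0 ejected_mask = 0x%x\n", bus0.ejected_mask);

    /* Guest stores an invalid selector, then requests an eject. Only the
     * hardened path is exercised here; eject_unchecked on the same input
     * would dereference NULL and abort the whole process. */
    pci_write_model(&s, REG_SEL, 0xdeadbeef, 1);
    int rc = pci_write_model(&s, REG_EJ, 3, 1);
    printf("eject with selector 0xdeadbeef (hardened): rc=%d\n", rc);
    return 0;
}
```

Build with `cc -Wall model.c && ./a.out`. The point of the split into eject_unchecked and eject_checked is that the selector is set by one register write and consumed by a later one, so bounding or rejecting the value at the store is not enough on its own: the lookup can still return NULL for an unpopulated entry, and the consumer is where the check must live.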
Created qemu tracking bugs for this issue: Affects: fedora-all [bug 2036574]
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:1759 https://access.redhat.com/errata/RHSA-2022:1759
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-4158
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2022:7967 https://access.redhat.com/errata/RHSA-2022:7967