An uninitialized local variable in cputlb tlb_set_page_with_attrs causes a SIGSEGV in io_readx/io_writex via address_space_translate_for_iotlb when a CPU accesses an unmapped IOMMU via memory_region_register_iommu_notifier.
Upstream issue: https://gitlab.com/qemu-project/qemu/-/issues/1065
Upstream fix: https://github.com/qemu/qemu/commit/418ade7849ce7641c0f7333718caf5091a02fd4c
According to https://www.qemu.org/docs/master/system/security.html#non-virtualization-use-case, bugs affecting the Tiny Code Generator (TCG) are not considered security bugs at this time. As a result, Red Hat Product Security does not consider this bug to be a security issue.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-35414