Bug 2124911 (CVE-2022-35414) - CVE-2022-35414 QEMU: cputlb: uninitialized read during address translation leads to a crash
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2022-35414
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 2105986
Reported: 2022-09-07 12:51 UTC by Mauro Matteo Cascella
Modified: 2023-04-04 12:50 UTC (History)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2022-11-25 06:54:37 UTC
Embargoed:



Description Mauro Matteo Cascella 2022-09-07 12:51:48 UTC
An uninitialized local variable in cputlb tlb_set_page_with_attrs causes a SIGSEGV in io_readx/io_writex via address_space_translate_for_iotlb when a CPU accesses an unmapped IOMMU via memory_region_register_iommu_notifier.

Upstream issue:
https://gitlab.com/qemu-project/qemu/-/issues/1065

Upstream fix:
https://github.com/qemu/qemu/commit/418ade7849ce7641c0f7333718caf5091a02fd4c

Comment 1 Mauro Matteo Cascella 2022-09-07 13:01:57 UTC
According to https://www.qemu.org/docs/master/system/security.html#non-virtualization-use-case, bugs affecting the Tiny Code Generator (TCG) are not considered security bugs at this time. As a result, Red Hat Product Security does not consider this bug to be a security issue.

Comment 2 Product Security DevOps Team 2022-11-25 06:54:34 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-35414
