Bug 2149105 (CVE-2022-4172) - CVE-2022-4172 QEMU: ACPI ERST: memory corruption issues in read_erst_record and write_erst_record
Summary: CVE-2022-4172 QEMU: ACPI ERST: memory corruption issues in read_erst_record a...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2022-4172
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2149106 2149108
Blocks: 2137191
Reported: 2022-11-28 20:37 UTC by Mauro Matteo Cascella
Modified: 2023-05-09 17:45 UTC (History)
CC List: 16 users

Fixed In Version: qemu-kvm 7.2.0-rc0
Doc Type: If docs needed, set a value
Doc Text:
Integer overflow and buffer overflow issues were found in the ACPI Error Record Serialization Table (ERST) device of QEMU, in the read_erst_record() and write_erst_record() functions. Both issues may allow the guest to overrun the host buffer allocated for the ERST memory device. A malicious guest could use these flaws to crash the QEMU process on the host. Arbitrary code execution was deemed unlikely.
Clone Of:
Environment:
Last Closed: 2023-05-09 17:45:12 UTC
Embargoed:



Links
Red Hat Product Errata RHSA-2023:2162 (last updated 2023-05-09 07:13:11 UTC)

Description Mauro Matteo Cascella 2022-11-28 20:37:18 UTC
Memory corruption issues (integer overflow and buffer overflow) were found in the ACPI ERST device of QEMU in the read_erst_record() and write_erst_record() functions. For more information about ACPI ERST, see https://www.qemu.org/docs/master/specs/acpi_erst.html. Both issues may allow the guest to overrun the host buffer allocated for the ERST memory device. A malicious guest could use these flaws to crash the QEMU process on the host. Arbitrary code execution was deemed unlikely.

Upstream patch:
https://lore.kernel.org/qemu-devel/20221019191522.1004804-1-lk@c--e.de/ [v1]
https://lore.kernel.org/qemu-devel/20221024154233.1043347-1-lk@c--e.de/ [v2]

Upstream issue & commit:
https://gitlab.com/qemu-project/qemu/-/issues/1268
https://gitlab.com/qemu-project/qemu/-/commit/defb7098
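
The description above names the flaw class (an integer overflow in a guest-controlled offset/length check that lets the guest overrun the host buffer) without showing what such a check looks like. The following C is an added, hypothetical example written for this page; it is not QEMU's hw/acpi/erst.c code and not the upstream fix. It puts a 32-bit bounds check whose sum can wrap next to an overflow-safe one, with simplified store/fetch paths standing in for the two directions the report names. EXCHANGE_LEN, RECORD_MIN_LEN, the record layout and all function names are assumptions.

```c
/*
 * Added illustration of the bug class named in this report: a guest-supplied
 * 32-bit (offset, length) pair is validated with a sum that can wrap, and
 * the wrapped sum passes the bounds check on a host buffer.  Hypothetical,
 * simplified model written for this page; not QEMU's hw/acpi/erst.c.
 * EXCHANGE_LEN, RECORD_MIN_LEN and the function names are invented.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EXCHANGE_LEN   4096u   /* size of the host-side exchange buffer (assumed) */
#define RECORD_MIN_LEN 16u     /* smallest record the device accepts (assumed) */

enum { ERST_OK = 0, ERST_BAD_RANGE = 1 };

/*
 * Vulnerable pattern: offset + length is computed in uint32_t, so the guest
 * can pick values whose sum wraps below EXCHANGE_LEN even though the copy
 * would start far past the end of the buffer.
 */
static bool vulnerable_range_ok(uint32_t offset, uint32_t length)
{
    uint32_t end = offset + length;          /* wraps modulo 2^32 */
    return end <= EXCHANGE_LEN;
}

/*
 * Hardened pattern: never add attacker-controlled values; bound each one
 * first, then compare the offset against the space that remains.
 */
static bool hardened_range_ok(uint32_t offset, uint32_t length)
{
    if (length < RECORD_MIN_LEN || length > EXCHANGE_LEN) {
        return false;
    }
    /* EXCHANGE_LEN - length cannot underflow because length <= EXCHANGE_LEN. */
    return offset <= EXCHANGE_LEN - length;
}

/* Guest -> host direction (the write side named in the report). */
static int store_record(uint8_t *exchange, uint32_t offset,
                        const uint8_t *src, uint32_t length)
{
    if (!hardened_range_ok(offset, length)) {
        return ERST_BAD_RANGE;
    }
    memcpy(exchange + offset, src, length);
    return ERST_OK;
}

/* Host -> guest direction (the read side named in the report). */
static int fetch_record(const uint8_t *exchange, uint32_t offset,
                        uint8_t *dst, size_t dst_len, uint32_t length)
{
    if (!hardened_range_ok(offset, length) || length > dst_len) {
        return ERST_BAD_RANGE;
    }
    memcpy(dst, exchange + offset, length);
    return ERST_OK;
}

/*
 * Round-trip a constructed record through the hardened path, placed at the
 * very end of the buffer, and return 1 if the bytes come back intact.
 */
static int roundtrip_demo(void)
{
    static uint8_t exchange[EXCHANGE_LEN];
    uint8_t record[RECORD_MIN_LEN], copy[RECORD_MIN_LEN];
    uint32_t offset = EXCHANGE_LEN - RECORD_MIN_LEN;   /* last valid slot */

    memset(exchange, 0, sizeof exchange);
    for (unsigned i = 0; i < sizeof record; i++) {
        record[i] = (uint8_t)(0xA0 + i);               /* constructed payload */
    }
    if (store_record(exchange, offset, record, RECORD_MIN_LEN) != ERST_OK) {
        return 0;
    }
    if (fetch_record(exchange, offset, copy, sizeof copy, RECORD_MIN_LEN) != ERST_OK) {
        return 0;
    }
    return memcmp(record, copy, sizeof record) == 0;
}

int main(void)
{
    /* 0xFFFFFF00 + 0x200 wraps to 0x100, which the vulnerable check accepts. */
    uint32_t offset = 0xFFFFFF00u, length = 0x200u;
    printf("vulnerable check accepts wrapped range: %d\n", vulnerable_range_ok(offset, length));
    printf("hardened check accepts wrapped range:   %d\n", hardened_range_ok(offset, length));
    printf("round trip through hardened path ok:    %d\n", roundtrip_demo());
    return 0;
}
```

The point of the hardened form is that no arithmetic is performed on the two guest-controlled values together: each is clamped to the buffer size on its own, and the subtraction that follows is proven not to underflow by the check before it. The same shape applies whether the device is copying into the host buffer or out of it.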

Comment 1 Mauro Matteo Cascella 2022-11-28 20:37:48 UTC
Created qemu tracking bugs for this issue:

Affects: fedora-all [bug 2149106]

Comment 4 errata-xmlrpc 2023-05-09 07:13:09 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:2162 https://access.redhat.com/errata/RHSA-2023:2162

Comment 5 Product Security DevOps Team 2023-05-09 17:45:09 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-4172

