Fedora 37 update for qemu
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 4 |
| CVE-ID | CVE-2020-14394 CVE-2021-3638 CVE-2022-4172 CVE-2022-4144 |
| CWE-ID | CWE-835 CWE-787 CWE-190 CWE-125 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Fedora Operating systems & Components / Operating system qemu Operating systems & Components / Operating system package or component |
| Vendor | Fedoraproject |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
1) Infinite loop
EUVDB-ID: #VU73788
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2020-14394
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows an attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Block (TRB) Ring. A privileged user on the guest OS can consume all available system resources and cause denial of service conditions of the QEMU process on the host.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsFedora: 37
qemu: before 7.0.0-12.fc37
CPE2.3 External linkshttps://bodhi.fedoraproject.org/updates/FEDORA-2022-22b1f8dae2
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Out-of-bounds write
EUVDB-ID: #VU72306
Risk: Medium
CVSSv4.0: 1.9 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-3638
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description The vulnerability allows a malicious guest to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in the ATI VGA device emulation of QEMU within the ati_2d_blt() routine while handling MMIO write operations. A malicious guest can crash the QEMU process on the host.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsFedora: 37
qemu: before 7.0.0-12.fc37
CPE2.3 External linkshttps://bodhi.fedoraproject.org/updates/FEDORA-2022-22b1f8dae2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Integer overflow
EUVDB-ID: #VU72299
Risk: Medium
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-4172
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a malicious guest to perform a denial of service (DoS) attack.
The vulnerability exists due to integer overflow within the read_erst_record() and write_erst_record() functions in the ACPI Error Record Serialization Table (ERST) device of QEMU. A malicious guest can overrun the host buffer allocated for the ERST memory device and crash the QEMU process on the host.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsFedora: 37
qemu: before 7.0.0-12.fc37
CPE2.3 External linkshttps://bodhi.fedoraproject.org/updates/FEDORA-2022-22b1f8dae2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Out-of-bounds read
EUVDB-ID: #VU71136
Risk: Medium
CVSSv4.0: 2.3 [CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-4144
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a malicious guest user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the qxl_phys2virt() function in the QXL display device emulation in QEMU. A malicious guest user can trigger an out-of-bounds read error and crash the QEMU process on the host
MitigationInstall updates from vendor's repository.
Vulnerable software versionsFedora: 37
qemu: before 7.0.0-12.fc37
CPE2.3 External linkshttps://bodhi.fedoraproject.org/updates/FEDORA-2022-22b1f8dae2
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
