QwikSec

Security Database

CVE

CWE

Training

CVE-2022-0216

Published: Aug 26, 2022

Modified: Aug 2, 2024

PUBLISHED

Description

A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU. The flaw occurs while processing repeated messages to cancel the current SCSI request via the lsi_do_msgout function. This flaw allows a malicious privileged user within the guest to crash the QEMU process on the host, resulting in a denial of service.

Vendor	Product	Versions
n/a	QEMU	affected `Affects QEMU < v6.0.0, Fixed in v7.1.0-rc0`

Weaknesses (CWE)

References

https://starlabs.sg/advisories/22/22-0216/

https://bugzilla.redhat.com/show_bug.cgi?id=2036953

https://gitlab.com/qemu-project/qemu/-/issues/972

https://gitlab.com/qemu-project/qemu/-/commit/4367a20cc4

https://access.redhat.com/security/cve/CVE-2022-0216

FEDORA-2022-4387579e67

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.