QwikSec

Security Database

CVE

CWE

Training

CVE-2022-4172

Published: Nov 29, 2022

Modified: Apr 14, 2025

PUBLISHED

Description

An integer overflow and buffer overflow issues were found in the ACPI Error Record Serialization Table (ERST) device of QEMU in the read_erst_record() and write_erst_record() functions. Both issues may allow the guest to overrun the host buffer allocated for the ERST memory device. A malicious guest could use these flaws to crash the QEMU process on the host.

Vendor	Product	Versions
n/a	QEMU (ACPI ERST)	affected `Affected: 7.0.0, Fixed: 7.2.0-rc0`

Weaknesses (CWE)

References

https://lore.kernel.org/qemu-devel/20221024154233.1043347-1-lk%40c--e.de/

https://gitlab.com/qemu-project/qemu/-/issues/1268

https://gitlab.com/qemu-project/qemu/-/commit/defb7098

FEDORA-2022-22b1f8dae2

vendor-advisory

https://security.netapp.com/advisory/ntap-20230127-0013/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.