Stefano Garzarella

2 exploits, active since Jan 2022
CVE-2021-4145 MEDIUM WRITEUP
QEMU < 6.2.0 - Denial of Service via NULL Pointer Dereference in Block Mirror Layer
A NULL pointer dereference issue was found in the block mirror layer of QEMU in versions prior to 6.2.0. The `self` pointer is dereferenced in `mirror_wait_on_conflicts()` without ensuring that it is not NULL. A malicious unprivileged user within the guest could use this flaw to crash the QEMU process on the host when the data being written reaches the threshold of the mirroring node.
CVSS 6.5
CVE-2022-26354 LOW WRITEUP
QEMU <= 6.2.0 - Memory Leak in vhost-vsock Error Handling
A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before its memory was freed, leading to memory leakage and other unexpected results. Affected QEMU versions: <= 6.2.0.
CVSS 3.2