CVE-2022-2962
HIGHQEMU 4.2.0-7.0.0 - Denial of Service via Tulip DMA Reentrancy
Title source: llmDescription
A DMA reentrancy issue was found in the Tulip device emulation in QEMU. When Tulip reads or writes to the rx/tx descriptor or copies the rx/tx frame, it doesn't check whether the destination address is its own MMIO address. This can cause the device to trigger MMIO handlers multiple times, possibly leading to a stack or heap overflow. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.
References (2)
Core 2
Core References
Exploit, Issue Tracking, Third Party Advisory x_refsource_misc
https://gitlab.com/qemu-project/qemu/-/issues/1171
Patch, Third Party Advisory x_refsource_misc
https://gitlab.com/qemu-project/qemu/-/commit/36a894aeb64a2e02871016da1c37d4a4ca109182
Scores
CVSS v3
7.8
EPSS
0.0040
EPSS Percentile
31.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
total
Details
CWE
CWE-662
CWE-400
Status
published
Products (1)
qemu/qemu
4.2.0 - 7.1.0
Published
Sep 13, 2022
Tracked Since
Feb 18, 2026