CVE-2022-2962
HIGHQemu < 7.1.0 - Denial of Service
Title source: ruleDescription
A DMA reentrancy issue was found in the Tulip device emulation in QEMU. When Tulip reads or writes to the rx/tx descriptor or copies the rx/tx frame, it doesn't check whether the destination address is its own MMIO address. This can cause the device to trigger MMIO handlers multiple times, possibly leading to a stack or heap overflow. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.
Scores
CVSS v3
7.8
EPSS
0.0003
EPSS Percentile
8.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Classification
CWE
CWE-662
CWE-400
Status
published
Affected Products (1)
qemu/qemu
< 7.1.0
Timeline
Published
Sep 13, 2022
Tracked Since
Feb 18, 2026