Alpaquita LinuxStreamSecurity Advisory
Search Cve

CVE-2022-35414

Published: July 11, 2022Last modified: November 8, 2023

Description

softmmu/physmem.c in QEMU through 7.0.0 can perform an uninitialized read on the translate_fail path, leading to an io_readx or io_writex crash. NOTE: a third party states that the Non-virtualization Use Case in the qemu.org reference applies here, i.e., "Bugs affecting the non-virtualization use case are not considered security bugs at this time.

Severity score breakdown

ParameterValue
Base score8.8
Attack VectorLOCAL
Attack complexityLOW
Privileges requiredLOW
User interactionNONE
ScopeCHANGED
ConfidentialityHIGH
Integrity impactHIGH
Availability impactHIGH
VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Status

ProductReleasePackageStatus
Alpaquita Linux23 LTSqemuNot affected (7.1.0-r4)
StreamqemuNot affected (8.0.4-r0)

References

ON THIS PAGE