Source: qemu X-Debbugs-CC: [email protected] Severity: important Tags: security
Hi, The following vulnerability was published for qemu. CVE-2022-3872[0]: | An off-by-one read/write issue was found in the SDHCI device of QEMU. | It occurs when reading/writing the Buffer Data Port Register in | sdhci_read_dataport and sdhci_write_dataport, respectively, if | data_count == block_size. A malicious guest could use this flaw to | crash the QEMU process on the host, resulting in a denial of service | condition. https://bugzilla.redhat.com/show_bug.cgi?id=2140567 https://lists.nongnu.org/archive/html/qemu-devel/2022-11/msg01068.html https://lists.nongnu.org/archive/html/qemu-devel/2022-11/msg01161.html If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2022-3872 https://www.cve.org/CVERecord?id=CVE-2022-3872 Please adjust the affected versions in the BTS as needed.
