Web: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2962

Sept. 13, 2022, 8:15 p.m. |

National Vulnerability Database nist.gov

A DMA reentrancy issue was found in the Tulip device emulation in QEMU. When Tulip reads or writes to the rx/tx descriptor or copies the rx/tx frame, it doesn't check whether the destination address is its own MMIO address. This can cause the device to trigger MMIO handlers multiple times, possibly leading to a stack or heap overflow. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.

cve qemu

Cybersecurity Engineer

@ Apercen Partners LLC | Folsom, CA

IDM Sr. Security Developer

@ The Ohio State University | Columbus, OH, United States

IT Security Engineer

@ Stylitics | New York City

Information Security Engineer

@ VDA Labs | Remote

Information Security Analyst

@ Metropolitan Transportation Commission | San Francisco, CA

Personnel Security Specialist I

@ NT Concepts | Remote

Cyber Security Manager (SOC/Threat Detection)

@ Nubank | São Paulo

Personnel Security Specialist II

@ NT Concepts | Remote

Infrastructure Consultant - Graduate

@ Netcompany | Leeds, United Kingdom

Senior Cloud Network Security Engineer with expertise in WIFI technologies

@ Uni Systems | Luxembourg, Luxembourg, Luxembourg

DevSecOps Engineer - TOP SECRET Clearance Required - Colorado Springs/Denver/Pueblo

@ Spry Squared, Inc. | Colorado Springs, CO, United States

Product Security Associate

@ Mekari | Jakarta, Jakarta, Indonesia