CVE-2022-0216

Summary

A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU. The flaw occurs while processing repeated messages to cancel the current SCSI request via the lsi_do_msgout function. This flaw allows a malicious privileged user within the guest to crash the QEMU process on the host, resulting in a denial of service.

Affected Software

VendorProductVersion RangeStatus
n/aQEMUAffects QEMU < v6.0.0, Fixed in v7.1.0-rc0affected

Weaknesses

  • CWE-416: CWE-416 - Use After Free

ADP Enrichment

CVE Program Container

Additional References

References