CVE-2022-4172

Summary

An integer overflow and buffer overflow issues were found in the ACPI Error Record Serialization Table (ERST) device of QEMU in the read_erst_record() and write_erst_record() functions. Both issues may allow the guest to overrun the host buffer allocated for the ERST memory device. A malicious guest could use these flaws to crash the QEMU process on the host.

Affected Software

VendorProductVersion RangeStatus
n/aQEMU (ACPI ERST)Affected: 7.0.0, Fixed: 7.2.0-rc0affected

Weaknesses

  • CWE-120: CWE-120, CWE-190

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References