First published: Tue Jan 04 2022
A use-after-free issue was found in `hw/scsi/lsi53c895a.c`, specifically in the `lsi_do_msgout` function. The `lsi_do_msgout` function receives a message from the OS and acts on it. In this case, a message is only one byte in size.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
QEMU qemu | <6.0.0 | |
Fedoraproject Fedora | =37 | |
debian/qemu | <=1:5.2+dfsg-11+deb11u2 | 1:5.2+dfsg-11+deb11u3 1:7.2+dfsg-7+deb12u7 1:9.2.0+ds-2 |
CVE-2022-0216 is a use-after-free vulnerability found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU.
The vulnerability occurs while processing repeated messages to cancel the current SCSI request via the lsi_do_msgout function.
A malicious privileged user within the guest can exploit this vulnerability to crash the QEMU process.
The severity of CVE-2022-0216 is medium, with a severity value of 4.4.
To fix the vulnerability, update the affected software to the recommended versions: 1:2.11+dfsg-1ubuntu7.41, 1:4.2-3ubuntu6.24, 1:7.0+dfsg-7ubuntu2.1, 2.0.0+dfsg-2ubuntu1.47+, 1:2.5+dfsg-5ubuntu10.51+, 1:6.2+dfsg-2ubuntu6.6 for Ubuntu and 1:3.1+dfsg-8+deb10u11, 1:5.2+dfsg-11+deb11u3, 1:7.2+dfsg-7+deb12u2, 1:8.1.2+ds-1 for Debian.