What is CVE-2022-0216?

CVE-2022-0216 is a use-after-free vulnerability found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU.

How does the vulnerability occur?

The vulnerability occurs while processing repeated messages to cancel the current SCSI request via the lsi_do_msgout function.

How can a malicious user exploit this vulnerability?

A malicious privileged user within the guest can exploit this vulnerability to crash the QEMU process.

What is the severity of CVE-2022-0216?

The severity of CVE-2022-0216 is medium, with a severity value of 4.4.

How can I fix the vulnerability?

To fix the vulnerability, update the affected software to the recommended versions: 1:2.11+dfsg-1ubuntu7.41, 1:4.2-3ubuntu6.24, 1:7.0+dfsg-7ubuntu2.1, 2.0.0+dfsg-2ubuntu1.47+, 1:2.5+dfsg-5ubuntu10.51+, 1:6.2+dfsg-2ubuntu6.6 for Ubuntu and 1:3.1+dfsg-8+deb10u11, 1:5.2+dfsg-11+deb11u3, 1:7.2+dfsg-7+deb12u2, 1:8.1.2+ds-1 for Debian.

Vulnerability/
CVE-2022-0216

medium

4.4

CWE

416

4/1/2022

26/8/2022

20/9/2023

CVE-2022-0216: Use After Free

First published: Tue Jan 04 2022(Updated: )

A use after free issue was found in the `hw/scsi/lsi53c895a.c` specifically in `lsi_do_msgout` function. `lsi_do_msgout` function is used to receive message from the OS, and do something based on that message. In this case, one message only has one-byte size.

Credit: secalert@redhat.com secalert@redhat.com

Affected Software	Affected Version	How to fix
QEMU qemu	<6.0.0
Fedoraproject Fedora	=37
ubuntu/qemu	<1:2.11+dfsg-1ubuntu7.41	1:2.11+dfsg-1ubuntu7.41
ubuntu/qemu	<1:4.2-3ubuntu6.24	1:4.2-3ubuntu6.24
ubuntu/qemu	<1:7.0+dfsg-7ubuntu2.1	1:7.0+dfsg-7ubuntu2.1
ubuntu/qemu	<2.0.0+dfsg-2ubuntu1.47+	2.0.0+dfsg-2ubuntu1.47+
ubuntu/qemu	<1:2.5+dfsg-5ubuntu10.51+	1:2.5+dfsg-5ubuntu10.51+
ubuntu/qemu	<1:6.2+dfsg-2ubuntu6.6	1:6.2+dfsg-2ubuntu6.6
debian/qemu	<=1:3.1+dfsg-8+deb10u8<=1:5.2+dfsg-11+deb11u2	1:3.1+dfsg-8+deb10u11 1:5.2+dfsg-11+deb11u3 1:7.2+dfsg-7+deb12u3 1:8.2.1+ds-1

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

USN-5772-1

Frequently Asked Questions

What is CVE-2022-0216?
CVE-2022-0216 is a use-after-free vulnerability found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU.
How does the vulnerability occur?
The vulnerability occurs while processing repeated messages to cancel the current SCSI request via the lsi_do_msgout function.
How can a malicious user exploit this vulnerability?
A malicious privileged user within the guest can exploit this vulnerability to crash the QEMU process.
What is the severity of CVE-2022-0216?
The severity of CVE-2022-0216 is medium, with a severity value of 4.4.
How can I fix the vulnerability?
To fix the vulnerability, update the affected software to the recommended versions: 1:2.11+dfsg-1ubuntu7.41, 1:4.2-3ubuntu6.24, 1:7.0+dfsg-7ubuntu2.1, 2.0.0+dfsg-2ubuntu1.47+, 1:2.5+dfsg-5ubuntu10.51+, 1:6.2+dfsg-2ubuntu6.6 for Ubuntu and 1:3.1+dfsg-8+deb10u11, 1:5.2+dfsg-11+deb11u3, 1:7.2+dfsg-7+deb12u2, 1:8.1.2+ds-1 for Debian.

agent/author
agent/description
agent/event
agent/first-publish-date
agent/last-modified-date
agent/references
agent/remedy
agent/severity
agent/softwarecombine
agent/tags
agent/type
agent/weakness
collector/launchpad-cve
source/Launchpad
collector/nvd-cve
source/NVD
agent/software-canonical-lookup
collector/nvd-index
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2022-0216
collector/security-tracker-debian
source/Debian
collector/usn-cve
source/Ubuntu
vendor/qemu
canonical/qemu qemu
vendor/fedoraproject
canonical/fedoraproject fedora
version/fedoraproject fedora/37
package-manager/debian
package-manager/ubuntu