CVE-2022-36648: Null Pointer Dereference
First published: Tue Aug 22 2023(Updated: )
The hardware emulation in the of_dpa_cmd_add_l2_flood of rocker device model in QEMU, as used in 7.0.0 and earlier, allows remote attackers to crash the host qemu and potentially execute code on the host via execute a malformed program in the guest OS.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| QEMU qemu | <=7.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this QEMU hardware emulation vulnerability?
The vulnerability ID is CVE-2022-36648.
What is the severity level of CVE-2022-36648?
CVE-2022-36648 has a severity level of critical.
How does CVE-2022-36648 affect the affected software?
CVE-2022-36648 affects QEMU version 7.0.0 and earlier.
How can a remote attacker exploit CVE-2022-36648?
A remote attacker can exploit CVE-2022-36648 by executing a malformed program in the guest OS, which can crash the host qemu and potentially execute code on the host.
Are there any references available for CVE-2022-36648?
Yes, you can find more information about CVE-2022-36648 in the following references: [Link 1](https://lists.nongnu.org/archive/html/qemu-devel/2022-06/msg04469.html), [Link 2](https://security.netapp.com/advisory/ntap-20231006-0004/).
- collector/nvd-api
- collector/nvd-index
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- vendor/qemu
- canonical/qemu qemu
- version/qemu qemu/7.0.0