Vulnerability Database

296,147

Total vulnerabilities in the database

CVE-2022-3872

An off-by-one read/write issue was found in the SDHCI device of QEMU. It occurs when reading/writing the Buffer Data Port Register in sdhci_read_dataport and sdhci_write_dataport, respectively, if data_count == block_size. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.

  • Published: Nov 7, 2022
  • Updated: Apr 14, 2023
  • CVE: CVE-2022-3872
  • Severity: High
  • Exploit:

CVSS v3:

  • Severity: High
  • Score: 8.6
  • AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

CWEs:

Software From Fixed in
qemu / qemu - 7.1.0
qemu / qemu 7.1.0-rc0 7.1.0-rc0.x
qemu / qemu 7.1.0-rc1 7.1.0-rc1.x
qemu / qemu 7.1.0-rc2 7.1.0-rc2.x
qemu / qemu 7.1.0-rc3 7.1.0-rc3.x
qemu / qemu 7.1.0-rc4 7.1.0-rc4.x
qemu / qemu 7.1.0 7.1.0.x