14 lines
1.5 KiB
JSON
{
"id": "openEuler-SA-2022-2136",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2136",
"title": "An update for qemu is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
"severity": "Medium",
"description": "QEMU is a FAST! processor emulator using dynamic translation to achieve good emulation speed.\n\n\t\tQEMU has two operating modes:\n\n\t\tFull system emulation. In this mode, QEMU emulates a full system (for example a PC),\n\t\tincluding one or several processors and various peripherals. It can be used to launch\n\t\tdifferent Operating Systems without rebooting the PC or to debug system code.\n\n\t\tUser mode emulation. In this mode, QEMU can launch processes compiled for one CPU on another CPU.\n\t\tIt can be used to launch the Wine Windows API emulator (https://www.winehq.org) or to ease\n\t\tcross-compilation and cross-debugging.\r\n\r\nSecurity Fix(es):\r\n\r\nAn out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxl_phys2virt() function does not check the size of the structure pointed to by the guest physical address, potentially reading past the end of the bar space into adjacent pages. A malicious guest user could use this flaw to crash the QEMU process on the host causing a denial of service condition.(CVE-2022-4144)",
"cves": [
{
"id": "CVE-2022-4144",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4144",
"severity": "Medium"
}
]
}