blob: 834dc1649825f455cebe91a34dac6b303e4d2f21 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
|
device: 0.893
network: 0.707
graphic: 0.528
boot: 0.357
other: 0.306
semantic: 0.293
PID: 0.237
debug: 0.192
socket: 0.150
vnc: 0.086
files: 0.066
performance: 0.063
permissions: 0.051
KVM: 0.003
tulip: DMA reentrancy issue leads to stack overflow (CVE-2022-2962)
Description of problem:
A DMA reentrancy issue was found in the tulip emulation. When tulip reads or writes to rx/tx descriptor ( tulip_desc_read/write ) or copies rx/tx frame(tulip_copy_rx_bytes / tulip_copy_tx_buffers), it doesn't check whether the destination address is its own MMIO address. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition or, potentially, executing arbitrary code within the context of the QEMU process on the host.
|