add new classifier result

author: Christian Krinitsin <mail@krinitsin.com> 2025-06-05 06:55:18 +0000
committer: Christian Krinitsin <mail@krinitsin.com> 2025-06-05 06:55:18 +0000
commit: 993a7c1ea28968a4479a87ad6c2637a7045d2d51 (patch)
tree: 024d7266fc695c4f93ab6ce0fcd52326f3ac379d /results/classifier/108/other/1171
parent: 2773b5e236e2217a35a53dbc298757610c7bbbc6 (diff)
download: qemu-analysis-993a7c1ea28968a4479a87ad6c2637a7045d2d51.tar.gz
qemu-analysis-993a7c1ea28968a4479a87ad6c2637a7045d2d51.zip
1 files changed, 18 insertions, 0 deletions
diff --git a/results/classifier/108/other/1171 b/results/classifier/108/other/1171
new file mode 100644
index 000000000..834dc1649
--- /dev/null
+++ b/results/classifier/108/other/1171
@@ -0,0 +1,18 @@
+device: 0.893
+network: 0.707
+graphic: 0.528
+boot: 0.357
+other: 0.306
+semantic: 0.293
+PID: 0.237
+debug: 0.192
+socket: 0.150
+vnc: 0.086
+files: 0.066
+performance: 0.063
+permissions: 0.051
+KVM: 0.003
+
+tulip: DMA reentrancy issue leads to stack overflow (CVE-2022-2962)
+Description of problem:
+A DMA reentrancy issue was found in the tulip emulation. When tulip reads or writes to  rx/tx descriptor ( tulip_desc_read/write ) or copies  rx/tx frame(tulip_copy_rx_bytes / tulip_copy_tx_buffers), it doesn't check whether the destination address is its own MMIO address. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition or, potentially, executing arbitrary code within the context of the QEMU process on the host.
author	Christian Krinitsin <mail@krinitsin.com>	2025-06-05 06:55:18 +0000
committer	Christian Krinitsin <mail@krinitsin.com>	2025-06-05 06:55:18 +0000
commit	993a7c1ea28968a4479a87ad6c2637a7045d2d51 (patch)
tree	024d7266fc695c4f93ab6ce0fcd52326f3ac379d /results/classifier/108/other/1171
parent	2773b5e236e2217a35a53dbc298757610c7bbbc6 (diff)
download	qemu-analysis-993a7c1ea28968a4479a87ad6c2637a7045d2d51.tar.gz qemu-analysis-993a7c1ea28968a4479a87ad6c2637a7045d2d51.zip