CVE-2022-4172

Source
https://cve.org/CVERecord?id=CVE-2022-4172
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-4172.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-4172
Downstream
Related
Published
2022-11-29T00:00:00Z
Modified
2026-07-08T06:03:22.309791173Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

An integer overflow and buffer overflow issues were found in the ACPI Error Record Serialization Table (ERST) device of QEMU in the readerstrecord() and writeerstrecord() functions. Both issues may allow the guest to overrun the host buffer allocated for the ERST memory device. A malicious guest could use these flaws to crash the QEMU process on the host.

Database specific
{
    "unresolved_ranges": [
        {
            "source": "AFFECTED_FIELD",
            "extracted_events": [
                {
                    "introduced": "Affected: 7.0.0, Fixed: 7.2.0-rc0"
                },
                {
                    "last_affected": "Affected: 7.0.0, Fixed: 7.2.0-rc0"
                }
            ]
        }
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/4xxx/CVE-2022-4172.json",
    "cna_assigner": "redhat",
    "cwe_ids": [
        "CWE-120"
    ]
}
References

Affected packages

Git / github.com/qemu/qemu

Affected ranges

Type
GIT
Repo
https://github.com/qemu/qemu
Events
Database specific
{
    "source": "CPE_STRING",
    "cpe": "cpe:2.3:a:qemu:qemu:7.0.0:-:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "7.0.0-NA"
        },
        {
            "last_affected": "7.0.0-NA"
        }
    ]
}

Affected versions

7.*
7.0.0-NA
v7.*
v7.0.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-4172.json"

Git / gitlab.com/qemu-project/qemu

Affected ranges

Type
GIT
Repo
https://gitlab.com/qemu-project/qemu
Events
Database specific
{
    "source": [
        "CPE_STRING",
        "REFERENCES"
    ],
    "cpe": "cpe:2.3:a:qemu:qemu:7.0.0:-:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "7.0.0-NA"
        },
        {
            "last_affected": "7.0.0-NA"
        }
    ]
}

Affected versions

7.*
7.0.0-NA

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-4172.json"