Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2022-0216

A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU. The flaw occurs while processing repeated messages to cancel the current SCSI request via the lsi_do_msgout function. This flaw allows a malicious privileged user within the guest to crash the QEMU process on the host, resulting in a denial of service.

Source

Description

A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU. The flaw occurs while processing repeated messages to cancel the current SCSI request via the lsi_do_msgout function. This flaw allows a malicious privileged user within the guest to crash the QEMU process on the host, resulting in a denial of service.

Statement

The qemu-kvm package versions as shipped with Red Hat Enterprise Linux and RHEL Advanced Virtualization are not affected by this issue, as they are not built with LSI53C895A support. Releases of Red Hat OpenStack Platform 15 and newer consume fixes directly from the Red Hat Enterprise Linux 8 Advanced Virtualization repository.

Additional Information

Bugzilla 2036953: CVE-2022-0216 QEMU: use-after-free in lsi_do_msgout function in hw/scsi/lsi53c895a.c
CWE-416: Use After Free
FAQ: Frequently asked questions about CVE-2022-0216

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

Description

Statement

Additional Information

Vulmon Search

About

Products

Connect