DEBIAN-CVE-2022-4172

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2022-4172

Import Source

https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2022-4172.json

JSON Data

https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2022-4172

Upstream

CVE-2022-4172

Published

2022-11-29T18:15:10Z

Modified

2025-09-25T22:40:25Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

An integer overflow and buffer overflow issues were found in the ACPI Error Record Serialization Table (ERST) device of QEMU in the readerstrecord() and writeerstrecord() functions. Both issues may allow the guest to overrun the host buffer allocated for the ERST memory device. A malicious guest could use these flaws to crash the QEMU process on the host.

References

https://security-tracker.debian.org/tracker/CVE-2022-4172

Affected packages

Debian:12 / qemu

Package

Name: qemu
Purl: pkg:deb/debian/qemu?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:7.2+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / qemu

Package

Name: qemu
Purl: pkg:deb/debian/qemu?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:7.2+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14 / qemu

Package

Name: qemu
Purl: pkg:deb/debian/qemu?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:7.2+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}