Bug 2069625 (CVE-2022-1050) - QEMU: pvrdma: use-after-free issue in pvrdma_exec_cmd()
A flaw was found in the QEMU implementation of VMware's paravirtual RDMA device. This flaw allows a crafted guest driver to execute HW commands when shared buffers are not yet allocated, potentially leading to a use-after-free condition.
Status: CLOSED NOTABUG
Alias: CVE-2022-1050
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Assignee: Red Hat Product Security
Depends On: 2069627
Blocks: 2066710 2069629
Reported: 2022-03-29 09:45 UTC by Mauro Matteo Cascella
Modified: 2022-04-28 16:05 UTC
CC List: 25 users
Fixed In Version: qemu 2.20.1
Doc Text: A flaw was found in the QEMU implementation of VMware's paravirtual RDMA device. This flaw allows a crafted guest driver to execute HW commands when shared buffers are not yet allocated, potentially leading to a use-after-free condition.
Last Closed: 2022-03-29 14:31:14 UTC
Description Mauro Matteo Cascella 2022-03-29 09:45:38 UTC
Guest driver might execute HW commands when shared buffers are not yet allocated, potentially leading to a use-after-free condition.
Upstream patch: https://lists.nongnu.org/archive/html/qemu-devel/2022-04/msg00273.html
Comment 1 Mauro Matteo Cascella 2022-03-29 09:58:04 UTC
Created qemu tracking bugs for this issue:
Affects: fedora-all [bug 2069627]
Comment 2 Product Security DevOps Team 2022-03-29 14:31:11 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):
https://access.redhat.com/security/cve/cve-2022-1050