Control: forward -1 https://gitlab.com/qemu-project/qemu/-/issues/1851
Control: severity -1 normal

On Mon, 25 Sep 2023 23:30:54 +0200 Moritz Mühlenhoff <j...@inutil.org> wrote:
Source: qemu
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerability was published for qemu.

CVE-2022-36648[0]:
| The hardware emulation in the of_dpa_cmd_add_l2_flood of rocker
| device model in QEMU, as used in 7.0.0 and earlier, allows remote
| attackers to crash the host qemu and potentially execute code on the
| host via execute a malformed program in the guest OS.

https://lists.nongnu.org/archive/html/qemu-devel/2022-06/msg04469.html

This has later been revisited by upstream, setting up the new reference.
See also https://www.mail-archive.com/qemu-devel@nongnu.org/msg984090.html

/mjt