CVE-2022-3872 - Vulnerability Details - OpenCVE

An off-by-one read/write issue was found in the SDHCI device of QEMU. It occurs when reading/writing the Buffer Data Port Register in sdhci_read_dataport and sdhci_write_dataport, respectively, if data_count == block_size. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Qemu	Qemu

Configuration 1 [-]

OR	cpe:2.3:a:qemu:qemu::::::::
	cpe:2.3:a:qemu:qemu:7.1.0:-::::::
	cpe:2.3:a:qemu:qemu:7.1.0:rc0::::::
	cpe:2.3:a:qemu:qemu:7.1.0:rc1::::::
	cpe:2.3:a:qemu:qemu:7.1.0:rc2::::::
	cpe:2.3:a:qemu:qemu:7.1.0:rc3::::::
	cpe:2.3:a:qemu:qemu:7.1.0:rc4::::::

No data.

References

Link	Providers
https://lists.nongnu.org/archive/html/qemu-devel/2022-11/msg01068.html
https://nvd.nist.gov/vuln/detail/CVE-2022-3872
https://security.netapp.com/advisory/ntap-20221215-0005/
https://www.cve.org/CVERecord?id=CVE-2022-3872

History

Mon, 05 May 2025 21:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2022-11-07T00:00:00.000Z

Updated: 2025-05-05T20:23:42.503Z

Reserved: 2022-11-07T00:00:00.000Z

Link: CVE-2022-3872

Vulnrichment

Updated: 2024-08-03T01:20:58.804Z

NVD

Status : Modified

Published: 2022-11-07T21:15:09.610

Modified: 2025-05-05T21:15:46.473

Link: CVE-2022-3872

Redhat

Severity : Moderate

Publid Date: 2022-11-07T00:00:00Z

Links: CVE-2022-3872 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-3872", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "dateUpdated": "2025-05-05T20:23:42.503Z", "dateReserved": "2022-11-07T00:00:00.000Z", "datePublished": "2022-11-07T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2022-12-15T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "An off-by-one read/write issue was found in the SDHCI device of QEMU. It occurs when reading/writing the Buffer Data Port Register in sdhci_read_dataport and sdhci_write_dataport, respectively, if data_count == block_size. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition."}], "affected": [{"vendor": "n/a", "product": "QEMU", "versions": [{"version": "Affected: up to latest v7.1.0-rc4", "status": "affected"}]}], "references": [{"url": "https://lists.nongnu.org/archive/html/qemu-devel/2022-11/msg01068.html"}, {"url": "https://security.netapp.com/advisory/ntap-20221215-0005/"}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-193", "cweId": "CWE-193"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T01:20:58.804Z"}, "title": "CVE Program Container", "references": [{"url": "https://lists.nongnu.org/archive/html/qemu-devel/2022-11/msg01068.html", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20221215-0005/", "tags": ["x_transferred"]}]}, {"metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-05-05T20:22:40.169551Z", "id": "CVE-2022-3872", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-05T20:23:42.503Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://lists.nongnu.org/archive/html/qemu-devel/2022-11/msg01068.html", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20221215-0005/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T01:20:58.804Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2022-3872", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-05-05T20:22:40.169551Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-05T20:23:13.841Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "QEMU", "versions": [{"status": "affected", "version": "Affected: up to latest v7.1.0-rc4"}]}], "references": [{"url": "https://lists.nongnu.org/archive/html/qemu-devel/2022-11/msg01068.html"}, {"url": "https://security.netapp.com/advisory/ntap-20221215-0005/"}], "descriptions": [{"lang": "en", "value": "An off-by-one read/write issue was found in the SDHCI device of QEMU. It occurs when reading/writing the Buffer Data Port Register in sdhci_read_dataport and sdhci_write_dataport, respectively, if data_count == block_size. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-193", "description": "CWE-193"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2022-12-15T00:00:00.000Z"}}}, "cveMetadata": {"cveId": "CVE-2022-3872", "state": "PUBLISHED", "dateUpdated": "2025-05-05T20:23:42.503Z", "dateReserved": "2022-11-07T00:00:00.000Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2022-11-07T00:00:00.000Z", "assignerShortName": "redhat"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*", "matchCriteriaId": "2CA070CC-24AA-4C01-9F0F-95510AAD1FEF", "versionEndExcluding": "7.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:qemu:qemu:7.1.0:-:*:*:*:*:*:*", "matchCriteriaId": "0B7A9793-EF05-47C7-AD2B-608427BA997D", "vulnerable": true}, {"criteria": "cpe:2.3:a:qemu:qemu:7.1.0:rc0:*:*:*:*:*:*", "matchCriteriaId": "AF2A5D26-797F-4F48-B155-1369E5383A49", "vulnerable": true}, {"criteria": "cpe:2.3:a:qemu:qemu:7.1.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "4CAFFA33-3500-4F26-BAA8-5E7361FAB5CC", "vulnerable": true}, {"criteria": "cpe:2.3:a:qemu:qemu:7.1.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "B01B61C5-2FF3-414E-BFC0-C6629703109E", "vulnerable": true}, {"criteria": "cpe:2.3:a:qemu:qemu:7.1.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "3FF10817-AE56-41F7-B9C6-EE1E77137858", "vulnerable": true}, {"criteria": "cpe:2.3:a:qemu:qemu:7.1.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "E44179B6-664C-40AD-865F-7BB2FAD64C39", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An off-by-one read/write issue was found in the SDHCI device of QEMU. It occurs when reading/writing the Buffer Data Port Register in sdhci_read_dataport and sdhci_write_dataport, respectively, if data_count == block_size. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition."}, {"lang": "es", "value": "Se encontr\u00f3 un problema de lectura/escritura de uno en uno en el dispositivo SDHCI de QEMU. Ocurre al leer/escribir el registro del Puerto de Datos del B\u00fafer en sdhci_read_dataport y sdhci_write_dataport, respectivamente, si data_count == block_size. Un invitado malintencionado podr\u00eda utilizar esta falla para bloquear el proceso QEMU en el host, lo que resultar\u00eda en una condici\u00f3n de denegaci\u00f3n de servicio."}], "id": "CVE-2022-3872", "lastModified": "2025-05-05T21:15:46.473", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.0, "source": "[email protected]", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.0, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2022-11-07T21:15:09.610", "references": [{"source": "[email protected]", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "https://lists.nongnu.org/archive/html/qemu-devel/2022-11/msg01068.html"}, {"source": "[email protected]", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20221215-0005/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "https://lists.nongnu.org/archive/html/qemu-devel/2022-11/msg01068.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20221215-0005/"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-193"}], "source": "[email protected]", "type": "Secondary"}]}

{"acknowledgement": "Red Hat would like to thank RivenDell, Siqi Chen, and ningqiang (Huawei) for reporting this issue.", "bugzilla": {"description": "QEMU: sdhci: buffer data port register off-by-one read/write", "id": "2140567", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140567"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-193", "details": ["An off-by-one read/write issue was found in the SDHCI device of QEMU. It occurs when reading/writing the Buffer Data Port Register in sdhci_read_dataport and sdhci_write_dataport, respectively, if data_count == block_size. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.", "An off-by-one read/write issue was found in the SDHCI device of QEMU. It occurs when reading/writing the Buffer Data Port Register in sdhci_read_dataport and sdhci_write_dataport, respectively, if data_count == block_size. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition."], "name": "CVE-2022-3872", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "qemu-kvm", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "qemu-kvm", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "qemu-kvm-ma", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "virt:rhel/qemu-kvm", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:advanced_virtualization:8::el8", "fix_state": "Not affected", "package_name": "virt:8.2/qemu-kvm", "product_name": "Red Hat Enterprise Linux 8 Advanced Virtualization"}, {"cpe": "cpe:/a:redhat:advanced_virtualization:8::el8", "fix_state": "Not affected", "package_name": "virt:av/qemu-kvm", "product_name": "Red Hat Enterprise Linux 8 Advanced Virtualization"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "qemu-kvm", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Not affected", "package_name": "qemu-kvm-rhev", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}], "public_date": "2022-11-07T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-3872\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-3872"], "statement": "This flaw does not affect the versions of `qemu-kvm` as shipped with Red Hat Enterprise Linux and RHEL Advanced Virtualization, as they do not include support for SDHCI device emulation.", "threat_severity": "Moderate"}