VDB
DEBIAN-CVE-2022-3872
DEBIAN-CVE-2022-3872
PUBLISHED
CVSS 8.600000381469727 HIGH
An off-by-one read/write issue was found in the SDHCI device of QEMU. It occurs when reading/writing the Buffer Data Port Register in sdhci_read_dataport and sdhci_write_dataport, respectively, if data_count == block_size. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.
Risk Scores
CVSS v3.1
8.600000381469727
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:13 | qemu | 0, 10.0.2+ds, 10.0.2+ds |
| Debian:12 | qemu | 0, 10.0.0+ds, 10.0.0+ds |
| Debian:11 | qemu | 0, 10.0.0+ds, 10.0.0+ds |
| Debian:14 | qemu | 0, 10.0.2+ds, 10.0.3+ds |
Timeline
- Nov 7, 2022 CVE Published
- Apr 28, 2026 CVE Updated