On Sun, 13 Nov 2022 20:37:20 +0100 Moritz Mühlenhoff <[email protected]> wrote:
Source: qemu

CVE-2022-3872[0]:
| An off-by-one read/write issue was found in the SDHCI device of QEMU.
| It occurs when reading/writing the Buffer Data Port Register in
| sdhci_read_dataport and sdhci_write_dataport, respectively, if
| data_count == block_size. A malicious guest could use this flaw to
| crash the QEMU process on the host, resulting in a denial of service
| condition.

Adding some more data to this bug report.  The original reproducer
does not work anymore:

https://lists.nongnu.org/archive/html/qemu-stable/2026-02/msg00338.html

which is qemu v9.1.0 (so it's in trixie) and v7.2.13 (in bookworm).

I'm not yet sure if the actual bug is fixed or not, though.

Thanks,

/mjt