CVE-2022-0216: the LSI53C895A SCSI Host Bus Adapter emulation of QEMU has a use-after-free vulnerability that occurs when processing repeated messages to cancel the current SCSI request.
It is categorized as a use-after-free because memory that has already been freed is still referenced and used.
It was discovered that the emulated IOX port of the LSI53C895A adapter has a memory leak. This allows a malicious guest to trigger a use-after-free vulnerability in privileged user code, resulting in a privilege escalation.
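The lifetime bug class described above (a cancel message releases the current request, and a repeated cancel touches it again) can be shown with a small memory-safe model. This is an added example, not QEMU's code and not the upstream patch. All names (`Adapter`, `Request`, `cancel_msg_flawed`, `cancel_msg_hardened`, `run_cancels`) are hypothetical, and the release step sets a flag instead of calling `free()` so stale accesses can be counted safely.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed model, not QEMU code: one slot stands in for a heap request. */
typedef struct { bool live; int tag; } Request;

typedef struct {
    Request *current;   /* request the adapter is currently working on */
    int stale_uses;     /* times an already released request was touched */
} Adapter;

/* Releasing marks the slot dead instead of calling free(), so the model
 * stays memory-safe; in real code the stale branch is a use-after-free. */
static void request_release(Adapter *a, Request *r) {
    if (!r->live) a->stale_uses++;
    r->live = false;
}

/* Flawed handler: releases the current request but keeps the pointer. */
void cancel_msg_flawed(Adapter *a) {
    if (a->current) request_release(a, a->current);
}

/* Hardened handler: drop the reference in the same step as the release,
 * so a repeated cancel message finds nothing to act on. */
void cancel_msg_hardened(Adapter *a) {
    Request *r = a->current;
    a->current = NULL;
    if (r) request_release(a, r);
}

/* Deliver n cancel messages for one request and report stale accesses. */
int run_cancels(void (*handler)(Adapter *), int n) {
    Request req = { .live = true, .tag = 1 };
    Adapter a = { .current = &req, .stale_uses = 0 };
    for (int i = 0; i < n; i++) handler(&a);
    return a.stale_uses;
}

int main(void) {
    printf("flawed:   %d stale uses\n", run_cancels(cancel_msg_flawed, 3));
    printf("hardened: %d stale uses\n", run_cancels(cancel_msg_hardened, 3));
    return 0;
}
```

A single cancel is harmless in both handlers. Only the repeated message reaches the released request, which is why the reference has to be cleared at the moment of release.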
CVE-2018-5683: Exploiting Use-After-Free Vulnerability in QEMU via IOX Emulation of LSI53C895A Host Bus Adapter - July 18, 2018
On July 18, 2018, it was discovered that the QEMU IOX emulation of the LSI53C895A has a memory leak. This allows a malicious guest to trigger a use-after-free vulnerability in privileged user code, resulting in a privilege escalation.
What are the solutions to these vulnerabilities?
QEMU versions 1.12 and later received a patch that addresses the IOX memory leak. Users must upgrade their QEMU installations to 1.12 or later to protect themselves against these vulnerabilities.
What is Red Hat doing to protect customers?
Red Hat recommends that customers upgrade to QEMU version 1.12
Timeline
Published on: 08/26/2022 18:15:00 UTC
Last modified on: 09/01/2022 14:21:00 UTC
References
- https://gitlab.com/qemu-project/qemu/-/commit/4367a20cc4
- https://access.redhat.com/security/cve/CVE-2022-0216
- https://starlabs.sg/advisories/22/22-0216/
- https://gitlab.com/qemu-project/qemu/-/issues/972
- https://bugzilla.redhat.com/show_bug.cgi?id=2036953
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0216