[Debian] High CVE: CVE-2022-1050 qemu: a use-after-free condition

Bug #2059901 reported by Yue Tao
Affects Status Importance Assigned to Milestone
Fix Released
Wentao Zhang

Bug Description

CVE-2022-1050: https://nvd.nist.gov/vuln/detail/CVE-2022-1050

A flaw was found in the QEMU implementation of VMware's paravirtual RDMA device. This flaw allows a crafted guest driver to execute HW commands when shared buffers are not yet allocated, potentially leading to a use-after-free condition.

Base Score: High


['qemu_1:5.2+dfsg-11+deb11u2_amd64.deb===>qemu_1:5.2+dfsg-11+deb11u3_amd64.deb', 'qemu-utils_1:5.2+dfsg-11+deb11u2_amd64.deb===>qemu-utils_1:5.2+dfsg-11+deb11u3_amd64.deb']

Yue Tao (wrytao)
summary: - [Debian] High CVE: CVE-2022-1050 qemu: leading to a use-after-free
- condition
+ [Debian] High CVE: CVE-2022-1050 qemu: a use-after-free condition
Ghada Khalil (gkhalil) wrote :

Changing the target release to stx.10.0 since the r/stx.9.0 release branch is created and the team doesn't port CVE fixes to released branches.

tags: added: stx.10.0
removed: stx.9.0
Wentao Zhang (wzhang4)
Changed in starlingx:
assignee: nobody → Wentao Zhang (wzhang4)
OpenStack Infra (hudson-openstack) wrote : Fix proposed to virt (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/starlingx/virt/+/919664

Changed in starlingx:
status: Triaged → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix merged to virt (master)

Reviewed: https://review.opendev.org/c/starlingx/virt/+/919664
Committed: https://opendev.org/starlingx/virt/commit/f7b1640f0b4b394c278bd64d13d343a149039644
Submitter: "Zuul (22348)"
Branch: master

commit f7b1640f0b4b394c278bd64d13d343a149039644
Author: Wentao Zhang <email address hidden>
Date: Tue May 14 01:54:18 2024 -0700

    Debian: qemu: fix CVE-2022-1050

    Upgrade qemu to 1:7.2+dfsg-7+deb12u5

    Refer to:

    Test Plan:
    Pass: downloader
    Pass: build-pkgs --clean --all
    Pass: build-image
    Pass: boot

    Closes-bug: #2059901

    Change-Id: I13df6652dfa549ce876201b8053026117e72fd87
    Signed-off-by: Wentao Zhang <email address hidden>

Changed in starlingx:
status: In Progress → Fix Released
This report contains Public Security information  
Everyone can see this security related information.
