Bug 1197653 - (CVE-2022-1050) VUL-0: CVE-2022-1050: qemu,kvm: pvrdma: use-after-free issue in pvrdma_exec_cmd()
Status: NEW
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Version: unspecified
Hardware: Other
OS: Other
Priority: P3 - Medium
Severity: Normal
Target Milestone: ---
Assigned To: E-mail List
Security Team bot
https://smash.suse.de/issue/327484/
CVSSv3.1:SUSE:CVE-2022-1050:8.2:(AV:L...
Depends on:
Blocks:
Reported: 2022-03-29 14:54 UTC by Thomas Leroy
Modified: 2023-01-15 15:12 UTC (History)
CC: 7 users

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---
stoyan.manolov: needinfo? (kvm-bugs)


Description Thomas Leroy 2022-03-29 14:54:32 UTC
rh#2069625

Guest driver might execute HW commands when shared buffers are not yet allocated, potentially leading to a use-after-free condition.

Upstream patch:
https://lists.nongnu.org/archive/html/qemu-devel/2022-03/msg05197.html

References:
https://bugzilla.redhat.com/show_bug.cgi?id=2069625
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1050
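The bug class in the report above, as an added illustration that is not QEMU's code and not part of this bug's attachments: a toy device model whose command path trusts a guest-supplied request slot without checking whether the shared buffers (the DSR) are currently mapped. The structures, the "arena" standing in for guest DMA memory, the field names and the poison-on-unmap trick are all assumptions made here so the stale read is observable; the hardened variant shows the shape of the check (refuse the command while no DSR is registered) rather than the exact upstream diff.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed "guest memory" arena the model device maps buffers from
 * (assumption for this example, not QEMU's DMA API). */
#define ARENA_SIZE 256
#define CMD_COUNT  4
static uint8_t arena[ARENA_SIZE];
static int arena_mapped;   /* 0 after the guest's buffers were unmapped */
static int stale_reads;    /* reads through a pointer after its unmap */

/* Device Shared Region: guest-registered control block (hypothetical layout). */
struct dsr {
    uint64_t cmd_slot_dma;      /* guest address of the command request slot */
};

/* Request slot the guest fills before it writes the command register. */
struct cmd_req {
    uint32_t cmd;
    uint32_t arg;
};

struct pvrdma_dev_model {
    struct dsr     *dsr;        /* NULL until a DSR has been registered */
    struct cmd_req *req;        /* left dangling by teardown: the bug pattern */
    int cmd_calls[CMD_COUNT];   /* how often each command handler ran */
};

static void *dma_map(size_t off, size_t len)
{
    if (off + len > ARENA_SIZE) {
        return NULL;
    }
    arena_mapped = 1;
    return arena + off;
}

/* Poison on unmap so a stale read is observable, like a freed heap chunk. */
static void dma_unmap(void)
{
    memset(arena, 0xff, ARENA_SIZE);
    arena_mapped = 0;
}

static uint32_t dma_read32(const uint32_t *p)
{
    if (!arena_mapped) {
        stale_reads++;
    }
    return *p;
}

/* Guest registers its DSR; the device maps the DSR, then the request slot. */
int model_load_dsr(struct pvrdma_dev_model *dev)
{
    dev->dsr = dma_map(0, sizeof(*dev->dsr));
    if (!dev->dsr) {
        return -1;
    }
    dev->dsr->cmd_slot_dma = 64;
    dev->req = dma_map((size_t)dev->dsr->cmd_slot_dma, sizeof(*dev->req));
    return dev->req ? 0 : -1;
}

/* Teardown clears dsr but not req, the pointer the command path trusts. */
void model_free_dsr(struct pvrdma_dev_model *dev)
{
    if (!dev->dsr) {
        return;
    }
    dma_unmap();
    dev->dsr = NULL;
}

static int handle_cmd(struct pvrdma_dev_model *dev, uint32_t cmd)
{
    if (cmd >= CMD_COUNT) {
        return -2;                     /* unknown command */
    }
    dev->cmd_calls[cmd]++;
    return 0;
}

/* Vulnerable pattern: a command-register write dereferences req whether or
 * not the shared buffers exist (NULL before setup, stale after teardown). */
int exec_cmd_vulnerable(struct pvrdma_dev_model *dev)
{
    uint32_t cmd = dma_read32(&dev->req->cmd);
    return handle_cmd(dev, cmd);
}

/* Hardened pattern: refuse the command unless a DSR is currently mapped. */
int exec_cmd_hardened(struct pvrdma_dev_model *dev)
{
    if (!dev->dsr) {
        fprintf(stderr, "Command failed: DSR not initialized\n");
        return -1;
    }
    uint32_t cmd = dma_read32(&dev->req->cmd);
    return handle_cmd(dev, cmd);
}

/* Drives the guest-controlled states; results are returned, not printed. */
struct demo_result {
    int hardened_before_setup;      /* -1: rejected, nothing dereferenced */
    int both_after_setup;           /* 2: command 2 handled by both paths */
    int hardened_after_teardown;    /* -1: rejected again */
    int vulnerable_after_teardown;  /* -2: read 0xffffffff from poisoned memory */
    int stale_reads;                /* 1: only the vulnerable path touched it */
};

struct demo_result run_demo(void)
{
    struct pvrdma_dev_model dev;
    struct demo_result r;
    memset(&dev, 0, sizeof(dev));
    stale_reads = 0;
    r.hardened_before_setup = exec_cmd_hardened(&dev);
    /* exec_cmd_vulnerable(&dev) here would dereference a NULL req. */
    model_load_dsr(&dev);
    dev.req->cmd = 2;
    exec_cmd_hardened(&dev);
    exec_cmd_vulnerable(&dev);
    r.both_after_setup = dev.cmd_calls[2];
    model_free_dsr(&dev);
    r.hardened_after_teardown = exec_cmd_hardened(&dev);
    r.vulnerable_after_teardown = exec_cmd_vulnerable(&dev);
    r.stale_reads = stale_reads;
    return r;
}

int main(void)
{
    struct demo_result r = run_demo();
    printf("hardened: %d before setup, %d after teardown; vulnerable after "
           "teardown: %d with %d stale read(s)\n", r.hardened_before_setup,
           r.hardened_after_teardown, r.vulnerable_after_teardown, r.stale_reads);
    return 0;
}
```

The check belongs at the top of the command executor, before any field of the request or response slot is read, because the guest controls both the order of register writes and the lifetime of the buffers behind those pointers; clearing `req` and `rsp` in the teardown path as well would close the same window from the other side.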
Comment 1 Thomas Leroy 2022-03-30 08:40:39 UTC
pvrdma support seems to be only present in the following codestreams:
- SUSE:SLE-12-SP5:Update/qemu
- SUSE:SLE-15-SP1:Update/qemu
- SUSE:SLE-15-SP2:Update/qemu
- SUSE:SLE-15-SP3:Update/qemu
- SUSE:SLE-15-SP4:Update/qemu
Comment 2 Dario Faggioli 2022-05-23 15:39:49 UTC
(In reply to Thomas Leroy from comment #0)
> rh#2069625
> 
> Guest driver might execute HW commands when shared buffers are not yet
> allocated, potentially leading to a use-after-free condition.
> 
> Upstream patch:
> https://lists.nongnu.org/archive/html/qemu-devel/2022-03/msg05197.html
> 
Indeed.

But the patch is not upstream yet, AFAICS.
Comment 9 Claudio Fontana 2022-12-07 15:06:25 UTC
(pinged upstream, but looks good to me)
Comment 10 Hu 2022-12-14 08:23:06 UTC
Hi, is there any update here? Thanks!