Bugzilla – Bug 1205131
VUL-0: CVE-2022-3872: kvm,qemu: sdhci: buffer data port register off-by-one read/write
Last modified: 2023-01-12 08:53:18 UTC
An off-by-one read/write issue was found in the SDHCI device of QEMU. It occurs when reading/writing the Buffer Data Port Register in sdhci_read_dataport and sdhci_write_dataport, respectively, if data_count == block_size. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.
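Added illustration, not QEMU's code and not the proposed patch: a simplified C model of the data-port access described above, contrasting an index-then-compare ordering with a check-before-access ordering when data_count == block_size on entry. The struct, the function names and the 16-byte buffer sized to exactly one block are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#define FIFO_SIZE 16u            /* constructed size: the buffer holds one block */

struct dataport {                /* hypothetical model, not QEMU's SDHCIState */
    uint8_t  fifo[FIFO_SIZE];
    uint32_t data_count;         /* index of the next byte in the current block */
    uint32_t block_size;         /* guest-programmed block length */
};

/* Unchecked ordering: use the index first, compare it with block_size after.
 * Counts accesses that would fall outside fifo[]; nothing is dereferenced. */
unsigned oob_accesses_unchecked(struct dataport s, unsigned size)
{
    unsigned oob = 0;
    for (unsigned i = 0; i < size; i++) {
        oob += (s.data_count >= FIFO_SIZE);  /* fifo[data_count] past the end */
        s.data_count++;
        if (s.data_count >= s.block_size) {  /* block finished: reset and stop */
            s.data_count = 0;
            break;
        }
    }
    return oob;
}

/* Checked ordering: validate block_size and data_count before every access. */
int dataport_read_checked(struct dataport *s, unsigned size, uint32_t *out)
{
    uint32_t value = 0;
    if (size > 4 || s->block_size == 0 || s->block_size > FIFO_SIZE) return -1;
    for (unsigned i = 0; i < size; i++) {
        if (s->data_count >= s->block_size)
            return -1;                       /* no valid byte left: refuse */
        value |= (uint32_t)s->fifo[s->data_count++] << (i * 8);
        if (s->data_count == s->block_size) {
            s->data_count = 0;
            break;
        }
    }
    *out = value;
    return 0;
}

int main(void)
{
    struct dataport s = { .data_count = FIFO_SIZE, .block_size = FIFO_SIZE };
    printf("unchecked: %u access(es) out of bounds\n", oob_accesses_unchecked(s, 4));
    return 0;
}
```

In the model, the unchecked ordering touches exactly one element past the buffer regardless of access width, while the checked version rejects the same state and leaves data_count unchanged.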
There are no commit references from Red Hat. The most similar fix I could find would be the one below, although it is not an off-by-one bug but a reentrancy issue:
Proposed patch (not merged yet):