Fabre

#1052670 qemu: CVE-2022-36648 #1052670

Package:: src:qemu

Source:: src:qemu

Submitter:: Moritz Mühlenhoff

Date:: 2026-06-01 17:43:01 UTC

Severity:: normal

Tags:

#1052670#5

Date:: 2023-09-25 21:30:54 UTC

From:

To:

Hi,

The following vulnerability was published for qemu.

CVE-2022-36648[0]:
| The hardware emulation in the of_dpa_cmd_add_l2_flood of rocker
| device model in QEMU, as used in 7.0.0 and earlier, allows remote
| attackers to crash the host qemu and potentially execute code on the
| host via execute a malformed program in the guest OS.

https://lists.nongnu.org/archive/html/qemu-devel/2022-06/msg04469.html


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-36648
https://www.cve.org/CVERecord?id=CVE-2022-36648

Please adjust the affected versions in the BTS as needed.

#1052670#14

Date:: 2024-01-03 16:11:29 UTC

From:

To:

Control: forward -1 https://gitlab.com/qemu-project/qemu/-/issues/1851
Control: severity -1 normal

This has later been revisited by upstream, setting up the new reference.
See also https://www.mail-archive.com/qemu-devel@nongnu.org/msg984090.html

/mjt

#1052670 qemu: CVE-2022-36648 #1052670

Just Reply to ...

Reply to submitter ...

Send control command (Silently)

Set Architecture Tags (Silently)