Oval Definition:	oval:org.opensuse.security:def:20222962
Revision Date: 2023-06-22 Version: 1 Title: CVE-2022-2962 Description: A DMA reentrancy issue was found in the Tulip device emulation in QEMU. When Tulip reads or writes to the rx/tx descriptor or copies the rx/tx frame, it doesn't check whether the destination address is its own MMIO address. This can cause the device to trigger MMIO handlers multiple times, possibly leading to a stack or heap overflow. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. Family: unix Class: vulnerability Status: Reference(s): Mitre CVE-2022-2962 SUSE CVE-2022-2962 Platform(s): SUSE Linux Enterprise Desktop 15 SP5 SUSE Linux Enterprise High Performance Computing 12 SP5 SUSE Linux Enterprise High Performance Computing 15 SP5 SUSE Linux Enterprise Module for Basesystem 15 SP5 SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server 15 SP5 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP5 SUSE Linux Enterprise Server for SAP Applications 15 SP2 SUSE Linux Enterprise Server for SAP Applications 15 SP5 Product(s): Definition Synopsis Release Information SUSE Linux Enterprise High Performance Computing 12 SP5 is installed OR SUSE Linux Enterprise Server for SAP Applications 12 SP5 is installed AND qemu is not affected OR Package Information SUSE Linux Enterprise Server 12 SP5 is installed AND qemu is not affected OR qemu-arm is not affected OR qemu-audio-alsa is not affected OR qemu-audio-oss is not affected OR qemu-audio-pa is not affected OR qemu-audio-sdl is not affected OR qemu-block-curl is not affected OR qemu-block-iscsi is not affected OR qemu-block-rbd is not affected OR qemu-block-ssh is not affected OR qemu-guest-agent is not affected OR qemu-ipxe is not affected OR qemu-kvm is not affected OR qemu-lang is not affected OR qemu-ppc is not affected OR qemu-s390 is not affected OR qemu-seabios is not affected OR qemu-sgabios is not affected OR qemu-tools is not affected OR qemu-ui-curses is not affected OR qemu-ui-gtk is not affected OR qemu-ui-sdl is not affected OR qemu-vgabios is not affected OR qemu-x86 is not affected Definition Synopsis SUSE Linux Enterprise Server for SAP Applications 15 SP2 is installed AND Package Information qemu is affected OR qemu-audio-alsa is affected OR qemu-audio-pa is affected OR qemu-block-curl is affected OR qemu-block-iscsi is affected OR qemu-block-rbd is affected OR qemu-block-ssh is affected OR qemu-guest-agent is affected OR qemu-ipxe is affected OR qemu-kvm is affected OR qemu-lang is affected OR qemu-microvm is affected OR qemu-ppc is affected OR qemu-seabios is affected OR qemu-sgabios is affected OR qemu-tools is affected OR qemu-ui-curses is affected OR qemu-ui-gtk is affected OR qemu-ui-spice-app is affected OR qemu-vgabios is affected OR qemu-x86 is affected Definition Synopsis SUSE Linux Enterprise Server for SAP Applications 12 SP4 is installed AND Package Information qemu is not affected OR qemu-block-curl is not affected OR qemu-block-iscsi is not affected OR qemu-block-rbd is not affected OR qemu-block-ssh is not affected OR qemu-guest-agent is not affected OR qemu-ipxe is not affected OR qemu-kvm is not affected OR qemu-lang is not affected OR qemu-ppc is not affected OR qemu-seabios is not affected OR qemu-sgabios is not affected OR qemu-tools is not affected OR qemu-vgabios is not affected OR qemu-x86 is not affected Definition Synopsis Release Information SUSE Linux Enterprise Desktop 15 SP5 is installed OR SUSE Linux Enterprise High Performance Computing 15 SP5 is installed OR SUSE Linux Enterprise Module for Basesystem 15 SP5 is installed OR SUSE Linux Enterprise Server 15 SP5 is installed OR SUSE Linux Enterprise Server for SAP Applications 15 SP5 is installed AND qemu-tools-7.1.0-150500.47.15 is installed
BACK