Off-by-one Error

CVE-2022-3872

High

8.6/10

Summary

An off-by-one read/write issue was found in the SDHCI device of QEMU. It occurs when reading/writing the Buffer Data Port Register in "sdhci_read_dataport" and "sdhci_write_dataport", respectively, if "data_count == block_size". A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: CHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-193 - Off-by-one Error

A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value.

References

Advisory
Issue
Reset data count in sdhci_buff_access_is_sequential
Do not set Buf Wr Ena before writing block

Advisory Timeline

Published Nov 07, 2022

Off-by-one Error

CVE-2022-3872

Summary

CWE-193 - Off-by-one Error

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS