CVE-2022-3872

Publication date 7 November 2022

Last updated 26 August 2025

Ubuntu priority

Cvss 3 Severity Score

Description

An off-by-one read/write issue was found in the SDHCI device of QEMU. It occurs when reading/writing the Buffer Data Port Register in sdhci_read_dataport and sdhci_write_dataport, respectively, if data_count == block_size. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
qemu	25.10 questing	Vulnerable, fix deferred
	25.04 plucky	Vulnerable, fix deferred
	24.10 oracular	Ignored end of life, was deferred
	24.04 LTS noble	Vulnerable, fix deferred
	23.10 mantic	Ignored end of life, was deferred [2025-01-16]
	23.04 lunar	Ignored end of life, was deferred [2025-01-16]
	22.10 kinetic	Ignored end of life, was deferred [2025-01-16]
	22.04 LTS jammy	Vulnerable, fix deferred
	20.04 LTS focal	Vulnerable, fix deferred
	18.04 LTS bionic	Vulnerable, fix deferred
	16.04 LTS xenial	Vulnerable, fix deferred
	14.04 LTS trusty	Vulnerable, fix deferred

Notes

0xnishit

As of 2025-08-25, patch is not commited to upstream

mdeslaur

see https://lists.nongnu.org/archive/html/qemu-devel/2022-11/msg01504.html

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
qemu	Upstream: https://lists.nongnu.org/archive/html/qemu-devel/2022-11/msg01068.html Upstream: https://lists.nongnu.org/archive/html/qemu-devel/2022-11/msg01161.html

Severity score breakdown

Parameter	Value
Base score	8.6 · High
Attack vector	Network
Attack complexity	Low
Privileges required	None
User interaction	None
Scope	Changed
Confidentiality	None
Integrity impact	None
Availability impact	High
Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H