Assigner | mitre |
Reserved | 2022-07-25 |
Published | 2023-08-22 |
Updated | 2024-05-13 |
Description
The hardware emulation in the of_dpa_cmd_add_l2_flood of rocker device model in QEMU, as used in 7.0.0 and earlier, allows remote attackers to crash the host qemu and potentially execute code on the host via execute a malformed program in the guest OS. Note: This has been disputed by multiple third parties as not a valid vulnerability due to the rocker device not falling within the virtualization use case.
References
https://lists.nongnu.org/archive/html/qemu-devel/2022-06/msg04469.html
https://security.netapp.com/advisory/ntap-20231006-0004/