CVE-2022-35414

8.8 HIGH

📋 TL;DR

CVE-2022-35414 is an uninitialized read vulnerability in QEMU's memory management component that can lead to crashes when handling I/O operations. This affects QEMU versions through 7.0.0 when used in non-virtualization scenarios, though the vendor considers this a non-security bug for virtualization use cases.

💻 Affected Systems

Products:
  • QEMU
Versions: All versions through 7.0.0
Operating Systems: All platforms running QEMU
Default Config Vulnerable: ⚠️ Yes
Notes: According to QEMU maintainers, this is only considered a security bug for non-virtualization use cases. Virtualization deployments may be less affected.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Denial of service through QEMU process crash, potentially disrupting services or virtual machines managed by QEMU.

🟠

Likely Case

Application instability or crashes when QEMU encounters specific I/O operations on the translate_fail path.

🟢

If Mitigated

Minimal impact if QEMU is used only for virtualization purposes as intended by the vendor.

🌐 Internet-Facing: LOW - QEMU is typically not directly internet-facing; exploitation would require access to the host system.
🏢 Internal Only: MEDIUM - Internal systems running vulnerable QEMU versions could experience service disruptions if exploited.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires triggering the specific translate_fail path with uninitialized memory access. No known active exploitation in the wild.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in commit 3517fb726741c109cae7995f9ea46f0cab6187d6 and later versions

Vendor Advisory: https://gitlab.com/qemu-project/qemu/-/issues/1169

Restart Required: Yes

Instructions:

1. Update QEMU to version 7.0.1 or later.
2. Apply the specific patch from commit 3517fb726741c109cae7995f9ea46f0cab6187d6 if using custom builds.
3. Restart all QEMU processes and virtual machines.

🔧 Temporary Workarounds

Limit QEMU to virtualization use only

Ensure QEMU is only used for its intended virtualization purposes, not for non-virtualization use cases where this vulnerability is considered more critical.

🧯 If You Can't Patch

  • Isolate QEMU instances from untrusted networks and users
  • Monitor QEMU processes for crashes and implement restart automation

🔍 How to Verify

Check if Vulnerable:

Check the QEMU version with 'qemu-system-x86_64 --version' (or the equivalent qemu-system binary for your architecture). Versions 7.0.0 and earlier are vulnerable.

Check Version:

qemu-system-x86_64 --version | grep -E 'version|QEMU'

Verify Fix Applied:

Verify version is 7.0.1 or later, or check that commit 3517fb726741c109cae7995f9ea46f0cab6187d6 is included in the build.
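The version check above, as an added example that is not part of the advisory: a POSIX sh function that parses the banner line printed by a qemu-system binary (assumed to follow upstream's "QEMU emulator version X.Y.Z ..." format) and reports whether the build predates the 7.0.1 fix.

```shell
#!/bin/sh
# Added example (not from the advisory). Classifies a QEMU version banner
# against the CVE-2022-35414 threshold: through 7.0.0 = vulnerable,
# 7.0.1 or later = fixed. The banner format is an assumption based on
# upstream QEMU's "QEMU emulator version X.Y.Z (...)" output.
qemu_cve_2022_35414_status() {
    banner="$1"
    ver=$(printf '%s\n' "$banner" | sed -n 's/^QEMU emulator version \([0-9][0-9.]*\).*/\1/p')
    [ -n "$ver" ] || { echo unknown; return 0; }
    # Split X.Y.Z, tolerating "X.Y" and bare "X" banners.
    case $ver in
        *.*.*) major=${ver%%.*}; rest=${ver#*.}; minor=${rest%%.*}
               patch=${rest#*.}; patch=${patch%%.*} ;;
        *.*)   major=${ver%%.*}; minor=${ver#*.}; patch=0 ;;
        *)     major=$ver; minor=0; patch=0 ;;
    esac
    if [ "$major" -lt 7 ] || { [ "$major" -eq 7 ] && [ "$minor" -eq 0 ] && [ "$patch" -eq 0 ]; }; then
        echo vulnerable
    else
        echo fixed
    fi
}

# Runs the real binary when present; the binary name is a hypothetical default.
check_installed_qemu() {
    bin=${1:-qemu-system-x86_64}
    command -v "$bin" >/dev/null 2>&1 || { echo "not installed: $bin"; return 0; }
    qemu_cve_2022_35414_status "$("$bin" --version | head -n 1)"
}

# Constructed sample banner for a vulnerable distro build.
SAMPLE_BANNER='QEMU emulator version 7.0.0 (Debian 1:7.0+dfsg-7)'
qemu_cve_2022_35414_status "$SAMPLE_BANNER"
```

For a source build, the page's commit can be checked directly in the checkout with `git merge-base --is-ancestor 3517fb726741c109cae7995f9ea46f0cab6187d6 HEAD`.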

📡 Detection & Monitoring

Log Indicators:

  • QEMU process crashes
  • Segmentation fault errors in system logs
  • Unexpected termination of virtual machines

Network Indicators:

  • Unusual I/O patterns to QEMU-managed devices

SIEM Query:

source="system" AND ("qemu" OR "kvm") AND ("segmentation fault" OR "crash" OR "SIGSEGV")

🔗 References
