Vulnerability Details CVE-2022-35414

softmmu/physmem.c in QEMU through 7.0.0 can perform an uninitialized read on the translate_fail path, leading to an io_readx or io_writex crash. NOTE: a third party states that the Non-virtualization Use Case in the qemu.org reference applies here, i.e., "Bugs affecting the non-virtualization use case are not considered security bugs at this time."
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 52.1%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.1
Products affected by CVE-2022-35414
  • Qemu » Qemu » Version: 07-20-2020
    cpe:2.3:a:qemu:qemu:07-20-2020
  • Qemu » Qemu » Version: 4.2.0
    cpe:2.3:a:qemu:qemu:4.2.0
  • Qemu » Qemu » Version: 4.2.0-34
    cpe:2.3:a:qemu:qemu:4.2.0-34
  • Qemu » Qemu » Version: 4.2.1
    cpe:2.3:a:qemu:qemu:4.2.1
  • Qemu » Qemu » Version: 5.0
    cpe:2.3:a:qemu:qemu:5.0
  • Qemu » Qemu » Version: 5.0.0
    cpe:2.3:a:qemu:qemu:5.0.0
  • Qemu » Qemu » Version: 5.0.1
    cpe:2.3:a:qemu:qemu:5.0.1
  • Qemu » Qemu » Version: 5.1.0
    cpe:2.3:a:qemu:qemu:5.1.0
  • Qemu » Qemu » Version: 5.1.1
    cpe:2.3:a:qemu:qemu:5.1.1
  • Qemu » Qemu » Version: 5.2.0
    cpe:2.3:a:qemu:qemu:5.2.0
  • Qemu » Qemu » Version: 5.2.50
    cpe:2.3:a:qemu:qemu:5.2.50
  • Qemu » Qemu » Version: 6.0.0
    cpe:2.3:a:qemu:qemu:6.0.0
  • Qemu » Qemu » Version: 6.1.0
    cpe:2.3:a:qemu:qemu:6.1.0
  • Qemu » Qemu » Version: 6.1.50
    cpe:2.3:a:qemu:qemu:6.1.50
  • Qemu » Qemu » Version: 6.2.0
    cpe:2.3:a:qemu:qemu:6.2.0
  • Qemu » Qemu » Version: 6.2.0-7
    cpe:2.3:a:qemu:qemu:6.2.0-7
  • Qemu » Qemu » Version: 7.0.0
    cpe:2.3:a:qemu:qemu:7.0.0
  • Debian » Debian Linux » Version: 10.0
    cpe:2.3:o:debian:debian_linux:10.0