CVE 2022-1050
A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to execute HW commands when shared buffers are not yet allocated, potentially leading to a use-after-free condition.
Related bugs and status
CVE-2022-1050 (Candidate) is related to these bugs:
Bug #1853307: [22.04 FEAT] Enhanced Interpretation for PCI Functions - qemu part
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1853307 | [22.04 FEAT] Enhanced Interpretation for PCI Functions - qemu part | qemu (Ubuntu) | Undecided | Fix Released | ||
| 1853307 | [22.04 FEAT] Enhanced Interpretation for PCI Functions - qemu part | Ubuntu on IBM z Systems | Medium | Fix Released | ||
| 1853307 | [22.04 FEAT] Enhanced Interpretation for PCI Functions - qemu part | qemu (Ubuntu Lunar) | Undecided | Fix Released | ||
| 1853307 | [22.04 FEAT] Enhanced Interpretation for PCI Functions - qemu part | qemu (Ubuntu Kinetic) | Undecided | Won't Fix | ||
| 1853307 | [22.04 FEAT] Enhanced Interpretation for PCI Functions - qemu part | qemu (Ubuntu Jammy) | Undecided | Fix Released | ||
Bug #1957924: rpc-worker: debugfs access is restricted
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1957924 | rpc-worker: debugfs access is restricted | libvirt (Ubuntu) | Undecided | Fix Released | ||
| 1957924 | rpc-worker: debugfs access is restricted | libvirt | Unknown | Fix Released | ||
| 1957924 | rpc-worker: debugfs access is restricted | qemu (Ubuntu) | Undecided | Fix Released | ||
Bug #1959966: [23.04 FEAT] KVM: Secure Execution guest dump encryption with customer keys - qemu part
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1959966 | [23.04 FEAT] KVM: Secure Execution guest dump encryption with customer keys - qemu part | qemu (Ubuntu) | High | Fix Released | ||
| 1959966 | [23.04 FEAT] KVM: Secure Execution guest dump encryption with customer keys - qemu part | Ubuntu on IBM z Systems | High | Fix Released | ||
Bug #1988704: Consider adding further qemu modules that depend on universe
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1988704 | Consider adding further qemu modules that depend on universe | qemu (Ubuntu) | Medium | Fix Released | ||
Bug #1993438: Merge qemu from Debian unstable for l-series
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1993438 | Merge qemu from Debian unstable for l-series | qemu (Ubuntu) | Undecided | Fix Released | ||
Bug #1994002: [SRU] migration was active, but no RAM info was set
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1994002 | [SRU] migration was active, but no RAM info was set | qemu (Ubuntu) | Medium | Fix Released | ||
| 1994002 | [SRU] migration was active, but no RAM info was set | qemu (Ubuntu Kinetic) | Medium | Fix Released | ||
| 1994002 | [SRU] migration was active, but no RAM info was set | qemu (Ubuntu Jammy) | Medium | Fix Released | ||
| 1994002 | [SRU] migration was active, but no RAM info was set | qemu (Ubuntu Focal) | Medium | Fix Released | ||
| 1994002 | [SRU] migration was active, but no RAM info was set | Ubuntu Cloud Archive | Undecided | Invalid | ||
| 1994002 | [SRU] migration was active, but no RAM info was set | Ubuntu Cloud Archive ussuri | Undecided | Fix Released | ||
| 1994002 | [SRU] migration was active, but no RAM info was set | qemu (Ubuntu Bionic) | Medium | Fix Released | ||
Bug #1999885: [UBUNTU 20.04] KVM: s390: pv: don't allow userspace to set the clock under PV - qemu part
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1999885 | [UBUNTU 20.04] KVM: s390: pv: don't allow userspace to set the clock under PV - qemu part | qemu (Ubuntu) | Low | Fix Released | ||
| 1999885 | [UBUNTU 20.04] KVM: s390: pv: don't allow userspace to set the clock under PV - qemu part | Ubuntu on IBM z Systems | High | Fix Released | ||
| 1999885 | [UBUNTU 20.04] KVM: s390: pv: don't allow userspace to set the clock under PV - qemu part | qemu (Ubuntu Lunar) | Low | Fix Released | ||
| 1999885 | [UBUNTU 20.04] KVM: s390: pv: don't allow userspace to set the clock under PV - qemu part | qemu (Ubuntu Jammy) | Undecided | Fix Released | ||
| 1999885 | [UBUNTU 20.04] KVM: s390: pv: don't allow userspace to set the clock under PV - qemu part | qemu (Ubuntu Focal) | Undecided | Fix Released | ||
| 1999885 | [UBUNTU 20.04] KVM: s390: pv: don't allow userspace to set the clock under PV - qemu part | qemu (Ubuntu Kinetic) | Undecided | Fix Released | ||
Bug #2059901: [Debian] High CVE: CVE-2022-1050 qemu: a use-after-free condition
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 2059901 | [Debian] High CVE: CVE-2022-1050 qemu: a use-after-free condition | StarlingX | High | Fix Released | ||
See the 
CVE page on Mitre.org
for more details.
