Sign In

CVE-2022-36648

ADVISORY - nist

Summary

The hardware emulation in the of_dpa_cmd_add_l2_flood of rocker device model in QEMU, as used in 7.0.0 and earlier, allows remote attackers to crash the host qemu and potentially execute code on the host via execute a malformed program in the guest OS. Note: This has been disputed by multiple third parties as not a valid vulnerability due to the rocker device not falling within the virtualization use case.

EPSS Score: 0.01236 (0.792)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-476

NULL Pointer Dereference

ADVISORY - redhat

CWE-476

NULL Pointer Dereference

Impacted images

Advisories
Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.

Sign in