CVE-2022-36648 Information

Description

The hardware emulation in the of_dpa_cmd_add_l2_flood of rocker device model in QEMU as used in 7.0.0 and earlier allows remote attackers to crash the host qemu and potentially execute code on the host via execute a malformed program in the guest OS.

Reference

https://lists.nongnu.org/archive/html/qemu-devel/2022-06/msg04469.html