Wiz
Vulnerability DatabaseCVE-2022-2962

CVE-2022-2962
NixOS vulnerability analysis and mitigation

Overview

A DMA reentrancy issue was discovered in the Tulip device emulation in QEMU (CVE-2022-2962). The vulnerability was found in the way QEMU handles DMA operations when Tulip reads or writes to rx/tx descriptors or copies rx/tx frames. The issue affects QEMU's Tulip network device emulation implementation (QEMU Issue).

Technical details

The vulnerability occurs when the Tulip device emulation performs DMA operations without checking whether the destination address is its own MMIO address. The DMA engine is triggered by I/O access and then itself accesses the I/O registers, leading to a reentrancy bug that results in a stack overflow condition. This was confirmed through stack traces showing recursive calls in the tulipxmitlistupdate and tulipwrite functions (QEMU Commit).

Impact

When exploited, this vulnerability can cause the QEMU process to crash on the host system, resulting in a denial of service condition. Additionally, there is potential for arbitrary code execution within the context of the QEMU process on the host system (QEMU Issue).

Mitigation and workarounds

The issue has been fixed by restricting the DMA engine to memory regions only. The fix was implemented by adding checks to prevent DMA operations from accessing I/O registers directly (QEMU Commit).

Additional resources

SourceThis report was generated using AI

Related NixOS vulnerabilities:

CVE ID

Severity

Score

Technologies

Component name

CISA KEV exploit

Has fix

Published date

CVE-2025-14330CRITICAL9.8
  • NixOSNixOS
  • cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*
NoYesDec 09, 2025
CVE-2025-14329HIGH8.8
  • NixOSNixOS
  • cpe:2.3:a:mozilla:firefox_esr
NoYesDec 09, 2025
CVE-2025-14333HIGH8.1
  • NixOSNixOS
  • firefox-esr
NoYesDec 09, 2025
CVE-2025-14332HIGH7.3
  • NixOSNixOS
  • thunderbird
NoYesDec 09, 2025
CVE-2025-14331MEDIUM6.5
  • NixOSNixOS
  • firefox
NoYesDec 09, 2025

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

Cloud Threat Landscape

A threat intelligence database

PEACH

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo