CVE-2022-35414 – QEMU 4.1.50 through QEMU 7.0.0 – address_space_translate_for_iotlb allows a guest user to crash a host resulting in a denial of service.
QEMU version 4.1.50 through 7.0.0
A vulnerability in qemu-system-aarch64 in QEMU 4.1.50 through QEMU 7.0.0 allows a guest OS to crash the host QEMU process when the guest attempts to access an unmapped IOMMU. An attacker running inside a QEMU guest can crash the process and potentially execute arbitrary code. The root cause is an uninitialized local variable in cputlb tlb_set_page_with_attrs: on the translate-fail path of address_space_translate_for_iotlb the variable is never assigned, and the stale value is later used by io_readx/io_writex, causing a SIGSEGV when a CPU accesses an unmapped IOMMU registered via memory_region_register_iommu_notifier.
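The bug class above (an out-parameter that is only written on the success path of a translation routine, so the caller consumes stale stack data on the failure path) is easy to reproduce in miniature. The following is an added illustration, not QEMU's code: the section table, the translate routines and the sentinel value are all constructed here, and modelling the uninitialized variable as the translated offset returned through an out-parameter is an assumption of the example, not a statement about QEMU's internals. The caller's local is preloaded with a sentinel so that the hazard is observable deterministically instead of being undefined behaviour.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

typedef uint64_t hwaddr;

/* Constructed model: a tiny table of memory-region "sections".
   Index 0 is the catch-all "unassigned" section returned on translate failure. */
enum { SECTION_UNASSIGNED = 0, SECTION_RAM = 1 };

typedef struct {
    int id;
    hwaddr base;   /* guest-physical start of the region */
    hwaddr size;   /* region length in bytes */
} Section;

static Section sections[] = {
    { SECTION_UNASSIGNED, 0x0000, 0x0000 },
    { SECTION_RAM,        0x1000, 0x1000 },
};

static bool in_ram(hwaddr addr)
{
    const Section *ram = &sections[SECTION_RAM];
    return addr >= ram->base && addr < ram->base + ram->size;
}

/* Vulnerable shape: *xlat is only written when translation succeeds.
   On the failure path the caller's variable keeps whatever was on the stack. */
static Section *translate_vulnerable(hwaddr addr, hwaddr *xlat)
{
    if (in_ram(addr)) {
        *xlat = addr - sections[SECTION_RAM].base;
        return &sections[SECTION_RAM];
    }
    /* translate_fail: *xlat deliberately left untouched (the bug). */
    return &sections[SECTION_UNASSIGNED];
}

/* Hardened shape: every return path assigns the out-parameter. */
static Section *translate_fixed(hwaddr addr, hwaddr *xlat)
{
    if (in_ram(addr)) {
        *xlat = addr - sections[SECTION_RAM].base;
        return &sections[SECTION_RAM];
    }
    *xlat = addr;  /* defined, page-aligned value for the unassigned section */
    return &sections[SECTION_UNASSIGNED];
}

/* Stands in for stale data left on the stack by an earlier call. Reading a
   truly uninitialized local is undefined behaviour, so the model preloads it. */
#define STALE_STACK 0xDEADBEEFCAFEF00DULL

/* Model of the TLB-fill caller: translate once, hand the offset and the
   section id back to what would be the MMIO read/write path. */
static void tlb_fill(bool hardened, hwaddr addr, hwaddr *offset_out, int *section_out)
{
    hwaddr xlat = STALE_STACK;  /* models the uninitialized local */
    Section *s = hardened ? translate_fixed(addr, &xlat)
                          : translate_vulnerable(addr, &xlat);
    *offset_out = xlat;
    *section_out = s->id;
}

/* Convenience wrappers so the two results can be checked independently. */
hwaddr tlb_fill_offset(bool hardened, hwaddr addr)
{
    hwaddr off; int id;
    tlb_fill(hardened, addr, &off, &id);
    return off;
}

int tlb_fill_section(bool hardened, hwaddr addr)
{
    hwaddr off; int id;
    tlb_fill(hardened, addr, &off, &id);
    return id;
}

int main(void)
{
    hwaddr unmapped = 0x5000;  /* constructed: outside every section */
    printf("vulnerable: section=%d offset=0x%llx\n",
           tlb_fill_section(false, unmapped),
           (unsigned long long)tlb_fill_offset(false, unmapped));
    printf("hardened:   section=%d offset=0x%llx\n",
           tlb_fill_section(true, unmapped),
           (unsigned long long)tlb_fill_offset(true, unmapped));
    return 0;
}
```

For a mapped address both variants agree; for an unmapped one the vulnerable variant hands the MMIO path the sentinel (in a real process, arbitrary stack contents) as the offset into the unassigned region, which is the kind of value that turns into a wild pointer dereference and a SIGSEGV. The practical check when reviewing similar code is to walk every `return` of a routine with out-parameters and confirm each one assigns them, or to initialize the caller's locals at declaration.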