
CVSS: 6.0 • EPSS: 0% • CPEs: 3 • EXPL: 0

An integer overflow was found in the QEMU implementation of VMware's paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a "PVRDMA_REG_DSRHIGH" write from the guest due to improper input validation. This flaw allows a privileged guest user to make QEMU allocate a large amount of memory, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
• https://bugzilla.redhat.com/show_bug.cgi?id=1973349
• https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html
• https://lists.gnu.org/archive/html/qemu-devel/2021-06/msg07925.html
• https://security.gentoo.org/glsa/202208-27
• https://security.netapp.com/advisory/ntap-20220318-0002
• CWE-190: Integer Overflow or Wraparound

CVSS: 5.5 • EPSS: 0% • CPEs: 3 • EXPL: 0

A stack-buffer-overflow was found in QEMU in the NVME component. The flaw lies in nvme_changed_nslist(), where a malicious guest controlling certain input can read out-of-bounds memory. A malicious user could use this flaw to disclose sensitive information.
• https://bugzilla.redhat.com/show_bug.cgi?id=2021869
• https://security.gentoo.org/glsa/202208-27
• https://security.netapp.com/advisory/ntap-20220318-0003
• CWE-125: Out-of-bounds Read

CVSS: 6.5 • EPSS: 0% • CPEs: 7 • EXPL: 0

A NULL pointer dereference issue was found in the block mirror layer of QEMU in versions prior to 6.2.0. The `self` pointer is dereferenced in mirror_wait_on_conflicts() without ensuring that it's not NULL. A malicious unprivileged user within the guest could use this flaw to crash the QEMU process on the host when writing data reaches the threshold of mirroring node.
• https://bugzilla.redhat.com/show_bug.cgi?id=2034602
• https://gitlab.com/qemu-project/qemu/-/commit/66fed30c9cd11854fc878a4eceb507e915d7c9cd
• https://security.gentoo.org/glsa/202208-27
• https://security.netapp.com/advisory/ntap-20220311-0004
• https://access.redhat.com/security/cve/CVE-2021-4145
• CWE-476: NULL Pointer Dereference

CVSS: 6.5 • EPSS: 0% • CPEs: 12 • EXPL: 0

An off-by-one error was found in the SCSI device emulation in QEMU. It could occur while processing MODE SELECT commands in mode_sense_page() if the 'page' argument was set to MODE_PAGE_ALLS (0x3f). A malicious guest could use this flaw to potentially crash QEMU, resulting in a denial of service condition.
• https://bugzilla.redhat.com/show_bug.cgi?id=2020588
• https://lists.debian.org/debian-lts-announce/2022/04/msg00002.html
• https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html
• https://security.gentoo.org/glsa/202208-27
• https://security.netapp.com/advisory/ntap-20220225-0007
• https://access.redhat.com/security/cve/CVE-2021-3930
• CWE-193: Off-by-one Error

CVSS: 6.5 • EPSS: 0% • CPEs: 3 • EXPL: 1

An out-of-bounds memory access flaw was found in the ATI VGA device emulation of QEMU. This flaw occurs in the ati_2d_blt() routine while handling MMIO write operations when the guest provides invalid values for the destination display parameters. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service.
• https://bugzilla.redhat.com/show_bug.cgi?id=1979858
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTVPHLLXJ65BUMFBUUZ35F3J632SLFRK
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I7J5IRXJYLELW7D43A75LOWRUE5EU54O
• https://lists.nongnu.org/archive/html/qemu-devel/2021-09/msg01682.html
• https://security.netapp.com/advisory/ntap-20220407-0003
• https://ubuntu.com/security/CVE-2021-3638
• CWE-787: Out-of-bounds Write