CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2021-3611 – QEMU: intel-hda: segmentation fault due to stack overflow
https://notcve.org/view.php?id=CVE-2021-3611
A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. This flaw affects QEMU versions prior to 7.0.0. Se encontró una vulnerabilidad de desbordamiento de pila en el dispositivo Intel HD Audio (intel-hda) de QEMU. • https://bugzilla.redhat.com/show_bug.cgi?id=1973784 https://gitlab.com/qemu-project/qemu/-/issues/542 https://security.gentoo.org/glsa/202208-27 https://security.netapp.com/advisory/ntap-20220624-0001 https://access.redhat.com/security/cve/CVE-2021-3611 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 6.8EPSS: 0%CPEs: 8EXPL: 0CVE-2021-20316 – samba: Symlink race error can allow metadata read and modify outside of the exported share
https://notcve.org/view.php?id=CVE-2021-20316
A flaw was found in the way Samba handled file/directory metadata. This flaw allows an authenticated attacker with permissions to read or modify share metadata, to perform this operation outside of the share. Se ha encontrado un fallo en la forma en que Samba maneja los metadatos de los archivos/directorios. Este fallo permite a un atacante autenticado con permisos para leer o modificar los metadatos del recurso compartido, llevar a cabo esta operación fuera del recurso compartido. • https://access.redhat.com/security/cve/CVE-2021-20316 https://bugzilla.redhat.com/show_bug.cgi?id=2009673 https://bugzilla.samba.org/show_bug.cgi?id=14842 https://security-tracker.debian.org/tracker/CVE-2021-20316 https://security.gentoo.org/glsa/202309-06 https://www.samba.org/samba/security/CVE-2021-20316.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2021-3839 – DPDK: out-of-bounds read/write in vhost_user_set_inflight_fd() may lead to crash
https://notcve.org/view.php?id=CVE-2021-3839
A flaw was found in the vhost library in DPDK. Function vhost_user_set_inflight_fd() does not validate `msg->payload.inflight.num_queues`, possibly causing out-of-bounds memory read/write. Any software using DPDK vhost library may crash as a result of this vulnerability. Se ha encontrado un fallo en la biblioteca vhost de DPDK. La función vhost_user_set_inflight_fd() no comprueba "msg-)payload.inflight.num_queues", causando posiblemente una lectura/escritura de memoria fuera de límites. • https://access.redhat.com/security/cve/CVE-2021-3839 https://bugzilla.redhat.com/show_bug.cgi?id=2025882 https://github.com/DPDK/dpdk/commit/6442c329b9d2ded0f44b27d2016aaba8ba5844c5 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 21EXPL: 0CVE-2021-3975 – libvirt: segmentation fault during VM shutdown can lead to vdsm hang
https://notcve.org/view.php?id=CVE-2021-3975
A use-after-free flaw was found in libvirt. The qemuMonitorUnregister() function in qemuProcessHandleMonitorEOF is called using multiple threads without being adequately protected by a monitor lock. This flaw could be triggered by the virConnectGetAllDomainStats API when the guest is shutting down. An unprivileged client with a read-only connection could use this flaw to perform a denial of service attack by causing the libvirt daemon to crash. Se ha encontrado un fallo de uso de memoria previamente liberada en libvirt. • https://access.redhat.com/security/cve/CVE-2021-3975 https://bugzilla.redhat.com/show_bug.cgi?id=2024326 https://github.com/libvirt/libvirt/commit/1ac703a7d0789e46833f4013a3876c2e3af18ec7 https://lists.debian.org/debian-lts-announce/2024/04/msg00000.html https://security.netapp.com/advisory/ntap-20221201-0002 https://ubuntu.com/security/CVE-2021-3975 • CWE-416: Use After Free •
CVSS: 8.2EPSS: 0%CPEs: 3EXPL: 1CVE-2021-3750 – QEMU: hcd-ehci: DMA reentrancy issue leads to use-after-free
https://notcve.org/view.php?id=CVE-2021-3750
A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify if the Buffer Pointer overlaps with its MMIO region when it transfers the USB packets. Crafted content may be written to the controller's registers and trigger undesirable actions (such as reset) while the device is still transferring packets. This can ultimately lead to a use-after-free issue. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition, or potentially execute arbitrary code within the context of the QEMU process on the host. • https://bugzilla.redhat.com/show_bug.cgi?id=1999073 https://gitlab.com/qemu-project/qemu/-/issues/541 https://gitlab.com/qemu-project/qemu/-/issues/556 https://security.gentoo.org/glsa/202208-27 https://security.netapp.com/advisory/ntap-20220624-0003 https://access.redhat.com/security/cve/CVE-2021-3750 • CWE-416: Use After Free •