CVE-2021-3607
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An integer overflow was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a "PVRDMA_REG_DSRHIGH" write from the guest due to improper input validation. This flaw allows a privileged guest user to make QEMU allocate a large amount of memory, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
Se encontró un desbordamiento de enteros en la implementación de QEMU del dispositivo RDMA paravirtual de VMWare en versiones anteriores a 6.1.0. El problema es producido mientras es manejado inapropiadamente una escritura "PVRDMA_REG_DSRHIGH" desde el huésped debido a una comprobación de entrada inapropiada. Este fallo permite a un usuario invitado con privilegios hacer que QEMU asigne una gran cantidad de memoria, resultando en una denegación de servicio. La mayor amenaza de esta vulnerabilidad es la disponibilidad del sistema
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-06-17 CVE Reserved
- 2022-02-24 CVE Published
- 2023-06-01 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-190: Integer Overflow or Wraparound
CAPEC
References (5)
URL | Tag | Source |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1973349 | Issue Tracking | |
https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html | Mailing List | |
https://security.netapp.com/advisory/ntap-20220318-0002 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://lists.gnu.org/archive/html/qemu-devel/2021-06/msg07925.html | 2023-11-07 |
URL | Date | SRC |
---|---|---|
https://security.gentoo.org/glsa/202208-27 | 2023-11-07 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Qemu Search vendor "Qemu" | Qemu Search vendor "Qemu" for product "Qemu" | < 6.1.0 Search vendor "Qemu" for product "Qemu" and version " < 6.1.0" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
| ||||||
Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 34 Search vendor "Fedoraproject" for product "Fedora" and version "34" | - |
Affected
|