// For flags

CVE-2021-3607

 

Severity Score

6.0
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

An integer overflow was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a "PVRDMA_REG_DSRHIGH" write from the guest due to improper input validation. This flaw allows a privileged guest user to make QEMU allocate a large amount of memory, resulting in a denial of service. The highest threat from this vulnerability is to system availability.

Se encontró un desbordamiento de enteros en la implementación de QEMU del dispositivo RDMA paravirtual de VMWare en versiones anteriores a 6.1.0. El problema es producido mientras es manejado inapropiadamente una escritura "PVRDMA_REG_DSRHIGH" desde el huésped debido a una comprobación de entrada inapropiada. Este fallo permite a un usuario invitado con privilegios hacer que QEMU asigne una gran cantidad de memoria, resultando en una denegación de servicio. La mayor amenaza de esta vulnerabilidad es la disponibilidad del sistema

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Changed
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2021-06-17 CVE Reserved
  • 2022-02-24 CVE Published
  • 2023-06-01 EPSS Updated
  • 2024-08-03 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-190: Integer Overflow or Wraparound
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Qemu
Search vendor "Qemu"
Qemu
Search vendor "Qemu" for product "Qemu"
< 6.1.0
Search vendor "Qemu" for product "Qemu" and version " < 6.1.0"
-
Affected
Debian
Search vendor "Debian"
Debian Linux
Search vendor "Debian" for product "Debian Linux"
10.0
Search vendor "Debian" for product "Debian Linux" and version "10.0"
-
Affected
Fedoraproject
Search vendor "Fedoraproject"
Fedora
Search vendor "Fedoraproject" for product "Fedora"
34
Search vendor "Fedoraproject" for product "Fedora" and version "34"
-
Affected