CVE-2021-3611
QEMU: intel-hda: segmentation fault due to stack overflow
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. This flaw affects QEMU versions prior to 7.0.0.
Se encontró una vulnerabilidad de desbordamiento de pila en el dispositivo Intel HD Audio (intel-hda) de QEMU. Un invitado malicioso podría usar este defecto para bloquear el proceso de QEMU en el host, resultando en una condición de denegación de servicio. La mayor amenaza de esta vulnerabilidad es la disponibilidad del sistema. Este fallo afecta a las versiones de QEMU anteriores a 7.0.0
A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-06-18 CVE Reserved
- 2022-05-11 CVE Published
- 2024-08-02 EPSS Updated
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
- CWE-787: Out-of-bounds Write
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| https://security.netapp.com/advisory/ntap-20220624-0001 | Third Party Advisory |
|
| URL | Date | SRC |
|---|---|---|
| https://gitlab.com/qemu-project/qemu/-/issues/542 | 2024-08-03 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1973784 | 2022-11-15 | |
| https://security.gentoo.org/glsa/202208-27 | 2023-02-12 | |
| https://access.redhat.com/security/cve/CVE-2021-3611 | 2022-11-15 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Qemu Search vendor "Qemu" | Qemu Search vendor "Qemu" for product "Qemu" | < 7.0.0 Search vendor "Qemu" for product "Qemu" and version " < 7.0.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 8.0 Search vendor "Redhat" for product "Enterprise Linux" and version "8.0" | advanced_virtualization |
Affected
| ||||||