// For flags

CVE-2021-4145

QEMU: NULL pointer dereference in mirror_wait_on_conflicts() in block/mirror.c

Severity Score

6.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A NULL pointer dereference issue was found in the block mirror layer of QEMU in versions prior to 6.2.0. The `self` pointer is dereferenced in mirror_wait_on_conflicts() without ensuring that it's not NULL. A malicious unprivileged user within the guest could use this flaw to crash the QEMU process on the host when writing data reaches the threshold of mirroring node.

Se encontró un problema de desreferencia de puntero NULL en la capa de réplica de bloques de QEMU en versiones anteriores a 6.2.0. El puntero "self" es dereferenciado en mirror_wait_on_conflicts() sin asegurar que no sea NULL. Un usuario malicioso no privilegiado dentro del huésped podría usar este fallo para bloquear el proceso de QEMU en el host cuando la escritura de datos alcanza el umbral del nodo de reflejo

A NULL pointer dereference issue was found in the block mirror layer of QEMU. The `self` pointer is dereferenced in mirror_wait_on_conflicts() without ensuring that it's not NULL. A malicious unprivileged user within the guest could use this flaw to crash the QEMU process on the host when writing data reaches the threshold of mirroring node.

Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems. Issues addressed include buffer overflow, integer overflow, null pointer, out of bounds access, out of bounds read, and use-after-free vulnerabilities.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2021-12-21 CVE Reserved
  • 2022-01-25 CVE Published
  • 2024-08-03 CVE Updated
  • 2025-05-28 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-476: NULL Pointer Dereference
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Qemu
Search vendor "Qemu"
 Qemu
Search vendor "Qemu" for product "Qemu"
 6.1.0
Search vendor "Qemu" for product "Qemu" and version "6.1.0"
-
Affected
Qemu
Search vendor "Qemu"
 Qemu
Search vendor "Qemu" for product "Qemu"
 6.1.0
Search vendor "Qemu" for product "Qemu" and version "6.1.0"
rc0
Affected
Qemu
Search vendor "Qemu"
 Qemu
Search vendor "Qemu" for product "Qemu"
 6.1.0
Search vendor "Qemu" for product "Qemu" and version "6.1.0"
rc1
Affected
Qemu
Search vendor "Qemu"
 Qemu
Search vendor "Qemu" for product "Qemu"
 6.1.0
Search vendor "Qemu" for product "Qemu" and version "6.1.0"
rc2
Affected
Qemu
Search vendor "Qemu"
 Qemu
Search vendor "Qemu" for product "Qemu"
 6.1.0
Search vendor "Qemu" for product "Qemu" and version "6.1.0"
rc3
Affected
Qemu
Search vendor "Qemu"
 Qemu
Search vendor "Qemu" for product "Qemu"
 6.1.0
Search vendor "Qemu" for product "Qemu" and version "6.1.0"
rc4
Affected
Redhat
Search vendor "Redhat"
 Enterprise Linux
Search vendor "Redhat" for product "Enterprise Linux"
 8.0
Search vendor "Redhat" for product "Enterprise Linux" and version "8.0"
-
Affected