CVE-2021-4206
QEMU: QXL: integer overflow in cursor_alloc() can lead to heap buffer overflow
Public Exploits: 1
Exploited in Wild: -
Descriptions
A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. This flaw allows a malicious privileged guest user to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process.
Timeline
- 2022-01-13 CVE Reserved
- 2022-04-29 CVE Published
- 2024-07-21 EPSS Updated
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
- CWE-131: Incorrect Calculation of Buffer Size
- CWE-190: Integer Overflow or Wraparound
References (6)
URL | Tag |
---|---|
https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html | Mailing List |

URL | Date |
---|---|
https://starlabs.sg/advisories/21-4206 | 2024-08-03 |

URL | Date |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=2036998 | 2022-08-02 |
https://security.gentoo.org/glsa/202208-27 | 2023-11-07 |
https://www.debian.org/security/2022/dsa-5133 | 2023-11-07 |
https://access.redhat.com/security/cve/CVE-2021-4206 | 2022-08-02 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Qemu | Qemu | < 7.0.0 | - | Affected |
Redhat | Enterprise Linux | 8.0 | - | Affected |
Redhat | Enterprise Linux | 8.0 | advanced_virtualization | Affected |
Debian | Debian Linux | 10.0 | - | Affected |
Debian | Debian Linux | 11.0 | - | Affected |