CVE-2021-3638
See a problem?- Source
- https://nvd.nist.gov/vuln/detail/CVE-2021-3638
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-3638.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2021-3638
- Related
- Published
- 2022-03-03T23:15:08Z
- Modified
- 2024-09-03T03:55:23.191965Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
An out-of-bounds memory access flaw was found in the ATI VGA device emulation of QEMU. This flaw occurs in the ati2dblt() routine while handling MMIO write operations when the guest provides invalid values for the destination display parameters. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service.
- References
-
- https://security.netapp.com/advisory/ntap-20220407-0003/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTVPHLLXJ65BUMFBUUZ35F3J632SLFRK/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I7J5IRXJYLELW7D43A75LOWRUE5EU54O/
- https://lists.nongnu.org/archive/html/qemu-devel/2021-09/msg01682.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1979858
- https://ubuntu.com/security/CVE-2021-3638
Affected packages
Git / github.com/qemu/qemu
Affected versions
v4.*
v4.0.0
v4.1.0
v4.1.0-rc0
v4.1.0-rc1
v4.1.0-rc2
v4.1.0-rc3
v4.1.0-rc4
v4.1.0-rc5
v4.2.0
v4.2.0-rc0
v4.2.0-rc1
v4.2.0-rc2
v4.2.0-rc3
v4.2.0-rc4
v4.2.0-rc5
v5.*
v5.0.0
v5.0.0-rc0
v5.0.0-rc1
v5.0.0-rc2
v5.0.0-rc3
v5.0.0-rc4
v5.1.0
v5.1.0-rc0
v5.1.0-rc1
v5.1.0-rc2
v5.1.0-rc3
v5.2.0
v5.2.0-rc0
v5.2.0-rc1
v5.2.0-rc2
v5.2.0-rc3
v5.2.0-rc4
v6.*
v6.0.0
v6.0.0-rc0
v6.0.0-rc1
v6.0.0-rc2
v6.0.0-rc3
v6.0.0-rc4
v6.0.0-rc5
v6.1.0
v6.1.0-rc0
v6.1.0-rc1
v6.1.0-rc2
v6.1.0-rc3
v6.1.0-rc4