A NULL pointer dereference issue was found in the ACPI code of QEMU. A malicious, privileged user within the guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.
{ "vanir_signatures": [ { "id": "CVE-2021-4158-18b1015f", "digest": { "line_hashes": [ "29241769371726105858997322140807546074", "204869718129668260300591851454772074210", "104609843986139743672680069331723361112", "16931581179525205007109690658504937315" ], "threshold": 0.9 }, "source": "https://gitlab.com/qemu-project/qemu@9bd6565ccee68f72d5012e24646e12a1c662827e", "target": { "file": "hw/acpi/pcihp.c" }, "signature_version": "v1", "deprecated": false, "signature_type": "Line" }, { "id": "CVE-2021-4158-5541ba0b", "digest": { "length": 1035.0, "function_hash": "151015625364822090940316435929247005440" }, "source": "https://gitlab.com/qemu-project/qemu@9bd6565ccee68f72d5012e24646e12a1c662827e", "target": { "function": "pci_write", "file": "hw/acpi/pcihp.c" }, "signature_version": "v1", "deprecated": false, "signature_type": "Function" } ] }