CVE-2021-20295Out-of-bounds Read in Qemu

CWE-125Out-of-bounds Read5 documents5 sources
Severity
6.5MEDIUMNVD
EPSS
0.1%
top 64.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
QemuDebian QemuMsrc CM1 Qemu-kvm 4.2.0-48 ON CBL Mariner 1.0
Timeline
PublishedApr 1
Latest updateApr 12

Description

It was discovered that the update for the virt:rhel module in the RHSA-2020:4676 (https://access.redhat.com/errata/RHSA-2020:4676) erratum released as part of Red Hat Enterprise Linux 8.3 failed to include the fix for the qemu-kvm component issue CVE-2020-10756, which was previously corrected in virt:rhel/qemu-kvm via erratum RHSA-2020:4059 (https://access.redhat.com/errata/RHSA-2020:4059). CVE-2021-20295 was assigned to that Red Hat specific security regression. For more details about the origi

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:NExploitability: 2.0 | Impact: 4.0

Affected Packages3 packages

NVDqemu/qemu< 4.2.0-34
debiandebian/qemu

🔴Vulnerability Details

1
GHSA
GHSA-rjqx-xfpj-xxrg: It was discovered that the update for the virt:rhel module in the RHSA-2020:4676 (https://access2022-04-03

📋Vendor Advisories

3
Microsoft
It was discovered that the update for the virt:rhel module in the RHSA-2020:4676 (https://access.redhat.com/errata/RHSA-2020:4676) erratum released as part of Red Hat Enterprise Linux 8.3 failed to in2022-04-12
Debian
CVE-2021-20295: qemu - It was discovered that the update for the virt:rhel module in the RHSA-2020:4676...2021
Red Hat
QEMU: Regression of CVE-2020-10756 fix in virt:rhel/qemu-kvm in Red Hat Enterprise Linux 8.32020-05-27