CVE-2021-3507: Improper Restriction of Operations within the Bounds of a Memory Buffer in QEMU

Severity: 6.1 MEDIUM (NVD)
EPSS: 0.0% (top 91.81%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published May 6; latest update Jun 21

Description

A heap buffer overflow was found in the floppy disk emulator of QEMU up to and including 6.0.0. It could occur in fdctrl_transfer_handler() in hw/block/fdc.c while processing DMA read data transfers from the floppy drive to the guest system. A privileged guest user could use this flaw to crash the QEMU process on the host, resulting in a denial of service, or potentially to leak host memory.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
Exploitability: 1.8 | Impact: 4.2

Affected Packages (6 packages)

debian     debian/qemu    < qemu 1:7.1+dfsg-1 (bookworm)
Debian     qemu/qemu      < 1:5.2+dfsg-11+deb11u3+3
Ubuntu     qemu/qemu      < 1:2.11+dfsg-1ubuntu7.40+2
NVD        qemu/qemu      6.0.0
CVEListV5  qemu/qemu      up to 6.0.0 (including)

Also affects: Debian Linux 10.0, Enterprise Linux 8.0

Vulnerability Details (3)

OSV: qemu vulnerabilities (2022-06-21)
GHSA: GHSA-m99h-7jcp-j7w9: A heap buffer overflow was found in the floppy disk emulator of QEMU up to 6... (2022-05-24)
OSV: CVE-2021-3507: A heap buffer overflow was found in the floppy disk emulator of QEMU up to 6... (2021-05-06)

Vendor Advisories (4)

Ubuntu: QEMU vulnerabilities (2022-06-21)
Microsoft: A heap buffer overflow was found in the floppy disk emulator of QEMU up to 6.0.0 (including). It could occur in fdctrl_transfer_handler() in hw/block/fdc.c while processing DMA read data transfers fro... (2021-05-11)
Red Hat: QEMU: fdc: heap buffer overflow in DMA read data transfers (2021-04-19)
Debian: CVE-2021-3507: qemu - A heap buffer overflow was found in the floppy disk emulator of QEMU up to 6.0.0... (2021)