CVE-2021-3607 — Integer Overflow or Wraparound in Qemu

CWE-190 — Integer Overflow or Wraparound CWE-770 — Allocation of Resources Without Limits or Throttling CWE-125 — Out-of-bounds Read CWE-476 — NULL Pointer Dereference8 documents7 sources

Severity

6.0MEDIUMNVD

OSV2.3

EPSS

0.2%

top 61.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Qemu Debian Qemu Debian Linux +4 more

Timeline

PublishedFeb 24

Latest updateFeb 25

Description

An integer overflow was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a "PVRDMA_REG_DSRHIGH" write from the guest due to improper input validation. This flaw allows a privileged guest user to make QEMU allocate a large amount of memory, resulting in a denial of service. The highest threat from this vulnerability is to system availability.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:HExploitability: 1.5 | Impact: 4.0

Affected Packages8 packages

▶NVDqemu/qemu< 6.1.0

▶debiandebian/qemu< qemu 1:5.2+dfsg-11 (bookworm)

▶Debianqemu/qemu< 1:5.2+dfsg-11+3

▶Ubuntuqemu/qemu< 1:2.11+dfsg-1ubuntu7.37+1

▶CVEListV5qemu/qemuqemu-kvm 6.1.0

Also affects: Debian Linux 10.0, Fedora 34

Patches

Patch: lists.gnu.org ↗Patch: lists.gnu.org ↗

🔴Vulnerability Details

GHSA

GHSA-3h3j-q234-gp6p: An integer overflow was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 6↗2022-02-25

▶

OSV

CVE-2021-3607: An integer overflow was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 6↗2022-02-24

▶

OSV

qemu vulnerabilities↗2021-07-15

▶

📋Vendor Advisories

Microsoft

▶

Ubuntu

QEMU vulnerabilities↗2021-07-15

▶

Red Hat

QEMU: pvrdma: unchecked malloc size due to integer overflow in init_dev_ring()↗2021-06-17

▶

Debian

CVE-2021-3607: qemu - An integer overflow was found in the QEMU implementation of VMWare's paravirtual...↗2021

▶