CVE-2021-3608Access of Uninitialized Pointer in Qemu

CWE-824Access of Uninitialized Pointer8 documents7 sources
Severity
6.0MEDIUMNVD
OSV2.3
EPSS
0.0%
top 89.02%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
7
QemuDebian QemuDebian Linux+4 more
Timeline
PublishedFeb 24
Latest updateFeb 25

Description

A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a "PVRDMA_REG_DSRHIGH" write from the guest and may result in a crash of QEMU or cause undefined behavior due to the access of an uninitialized pointer. The highest threat from this vulnerability is to system availability.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:HExploitability: 1.5 | Impact: 4.0

Affected Packages8 packages

NVDqemu/qemu< 6.1.0
debiandebian/qemu< qemu 1:5.2+dfsg-11 (bookworm)
Debianqemu/qemu< 1:5.2+dfsg-11+3
Ubuntuqemu/qemu< 1:2.11+dfsg-1ubuntu7.37+1
CVEListV5qemu/qemuqemu-kvm 6.1.0

Also affects: Debian Linux 10.0, Fedora 34

Patches

Patch: lists.gnu.orgPatch: lists.gnu.org

🔴Vulnerability Details

3
GHSA
GHSA-37hv-5w7w-hhjw: A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 62022-02-25
OSV
CVE-2021-3608: A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 62022-02-24
OSV
qemu vulnerabilities2021-07-15

📋Vendor Advisories

4
Microsoft
A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a "PVRDMA_REG_DSRHIGH" write from the guest and may result i2022-02-08
Ubuntu
QEMU vulnerabilities2021-07-15
Red Hat
QEMU: pvrdma: uninitialized memory unmap in pvrdma_ring_init()2021-06-17
Debian
CVE-2021-3608: qemu - A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device ...2021