CVE-2021-3611
Published 2022-05-11
CVE-2021-3611: A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicious guest could use this flaw to crash the QEMU process on…
Medium 6.5 (CVSS 3.1)
AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. This flaw affects QEMU versions prior to 7.0.0.
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | qemu | < qemu 1:7.0+dfsg-1 (bookworm) | qemu 1:7.0+dfsg-1 (bookworm) |
| msrc | azl3_qemu_6.2.0-18_on_azure_linux_3.0 | — | — |
| msrc | azl3_qemu_8.2.0-1_on_azure_linux_3.0 | — | — |
| msrc | azure_linux_3.0_arm | — | — |
| msrc | azure_linux_3.0_x64 | — | — |
| msrc | cbl2_qemu_6.2.0-24_on_cbl_mariner_2.0 | — | — |
| msrc | cm1_qemu-kvm_4.2.0-48_on_cbl_mariner_1.0 | — | — |
| qemu | qemu | < 7.0.0 | 7.0.0 |
| qemu | qemu | — | — |
| qemu | qemu | >= 0 < 1:7.0+dfsg-1 | 1:7.0+dfsg-1 |
| qemu | qemu | >= 0 < 1:7.0+dfsg-1 | 1:7.0+dfsg-1 |
| qemu | qemu | >= 0 < 1:7.0+dfsg-1 | 1:7.0+dfsg-1 |
| qemu | qemu | >= 0 < 1:4.2-3ubuntu6.28 | 1:4.2-3ubuntu6.28 |
| qemu | qemu | >= 0 < 1:4.2-3ubuntu6.29 | 1:4.2-3ubuntu6.29 |
| qemu | qemu | >= 0 < 1:6.2+dfsg-2ubuntu6.16 | 1:6.2+dfsg-2ubuntu6.16 |
| qemu | qemu | >= 0 < 1:6.2+dfsg-2ubuntu6.21 | 1:6.2+dfsg-2ubuntu6.21 |
| redhat | enterprise_linux | — | — |
CVSS provenance
nvd·v3.1·6.5·MEDIUM·CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
osv·6.5·MEDIUM
OSV
qemu regression
osv·2024-06-06·CVSS 3.2
CVE-2023-2861 [LOW] qemu regression
USN-6567-1 fixed vulnerabilities QEMU. The fix for CVE-2023-2861 was too
restrictive and introduced a behaviour change leading to a regression in
certain environments. This update fixes the problem.
Original advisory details:
Gaoning Pan and Xingwei Li discovered that QEMU incorrectly handled the
USB xHCI controller device. A privileged guest attacker could possibly use
this issue to cause QEMU to crash, leading to a denial of service. This
issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2020-14394)
It was discovered that QEMU incorrectly handled the TCG Accelerator. A
local attacker could use this issue to cause QEMU to crash, leading to a
denial of service, or possibly execute arbitrary code and escalate
privileges. This issue only affected Ubuntu 20.04
OSV
qemu vulnerabilities
osv·2024-01-08·CVSS 3.2
CVE-2020-14394 [LOW] qemu vulnerabilities
Gaoning Pan and Xingwei Li discovered that QEMU incorrectly handled the
USB xHCI controller device. A privileged guest attacker could possibly use
this issue to cause QEMU to crash, leading to a denial of service. This
issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2020-14394)
It was discovered that QEMU incorrectly handled the TCG Accelerator. A
local attacker could use this issue to cause QEMU to crash, leading to a
denial of service, or possibly execute arbitrary code and escalate
privileges. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-24165)
It was discovered that QEMU incorrectly handled the Intel HD audio device.
A malicious guest attacker could use this issue to cause QEMU to crash,
leading to a denial of service. This issue only affe
GHSA
GHSA-rj8x-cp5p-j26r: A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU
ghsa_unreviewed·2022-05-12
CVE-2021-3611 [MEDIUM] CWE-119 GHSA-rj8x-cp5p-j26r: A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU
A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. This flaw affects QEMU versions prior to 7.0.0.
OSV
CVE-2021-3611: A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU
osv·2022-05-11·CVSS 6.5
CVE-2021-3611 [MEDIUM] CVE-2021-3611: A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU
A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. This flaw affects QEMU versions prior to 7.0.0.
Ubuntu
QEMU regression
vendor_ubuntu·2024-06-06·CVSS 3.2
CVE-2023-2861 [LOW] QEMU regression
Title: QEMU regression
Summary: USN-6567-1 introduced a regression in QEMU.
USN-6567-1 fixed vulnerabilities QEMU. The fix for CVE-2023-2861 was too
restrictive and introduced a behaviour change leading to a regression in
certain environments. This update fixes the problem.
Original advisory details:
Gaoning Pan and Xingwei Li discovered that QEMU incorrectly handled the
USB xHCI controller device. A privileged guest attacker could possibly use
this issue to cause QEMU to crash, leading to a denial of service. This
issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2020-14394)
It was discovered that QEMU incorrectly handled the TCG Accelerator. A
local attacker could use this issue to cause QEMU to crash, leading to a
denial of service, or possibly execute arbitrary code
Ubuntu
QEMU vulnerabilities
vendor_ubuntu·2024-01-08·CVSS 3.2
CVE-2023-1544 [LOW] QEMU vulnerabilities
Title: QEMU vulnerabilities
Summary: Several security issues were fixed in QEMU.
Gaoning Pan and Xingwei Li discovered that QEMU incorrectly handled the
USB xHCI controller device. A privileged guest attacker could possibly use
this issue to cause QEMU to crash, leading to a denial of service. This
issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2020-14394)
It was discovered that QEMU incorrectly handled the TCG Accelerator. A
local attacker could use this issue to cause QEMU to crash, leading to a
denial of service, or possibly execute arbitrary code and escalate
privileges. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-24165)
It was discovered that QEMU incorrectly handled the Intel HD audio device.
A malicious guest attacker could use this issue to cause QEMU t
Microsoft
A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host resulting in a denial of service
vendor_msrc·2022-05-10·CVSS 6.5
CVE-2021-3611 [MEDIUM] CWE-119 A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host resulting in a denial of service
A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. This flaw affects QEMU versions prior to 7.0.0.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/
Debian
CVE-2021-3611: qemu - A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda...
vendor_debian·2021·CVSS 6.5
CVE-2021-3611 [MEDIUM] CVE-2021-3611: qemu - A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda...
A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. This flaw affects QEMU versions prior to 7.0.0.
Scope: local
bookworm: resolved (fixed in 1:7.0+dfsg-1)
bullseye: open
forky: resolved (fixed in 1:7.0+dfsg-1)
sid: resolved (fixed in 1:7.0+dfsg-1)
trixie: resolved (fixed in 1:7.0+dfsg-1)
Red Hat
QEMU: intel-hda: segmentation fault due to stack overflow
vendor_redhat·2020-12-09·CVSS 6.5
CVE-2021-3611 [MEDIUM] CWE-787 QEMU: intel-hda: segmentation fault due to stack overflow
A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. This flaw affects QEMU versions prior to 7.0.0.
Statement: This issue was introduced in QEMU upstream version 5.0.0. As a result, it only affects the version of `qemu-kvm` as
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://bugzilla.redhat.com/show_bug.cgi?id=1973784
https://gitlab.com/qemu-project/qemu/-/issues/542
https://security.gentoo.org/glsa/202208-27
https://security.netapp.com/advisory/ntap-20220624-0001/
Published: 2022-05-11