CVE-2021-3638: Out-of-bounds Write in Qemu

CWE-787: Out-of-bounds Write | 11 documents | 8 sources

Severity: 6.5 MEDIUM (NVD), OSV 3.2
EPSS: 0.0% (top 94.84%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 3 | Latest update Jun 6

Description

An out-of-bounds memory access flaw was found in the ATI VGA device emulation of QEMU. This flaw occurs in the ati_2d_blt() routine while handling MMIO write operations when the guest provides invalid values for the destination display parameters. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Exploitability: 2.0 | Impact: 4.0

Affected Packages (11 packages)

Source | Package | Affected versions
debian | debian/qemu | < qemu 1:6.1+dfsg-6 (bookworm)
Debian | qemu/qemu | < 1:5.2+dfsg-11+deb11u1+3
Ubuntu | qemu/qemu | < 1:4.2-3ubuntu6.28+3
NVD | qemu/qemu | 4.0.0 to 6.1.0
CVEListV5 | qemu/qemu | Affects qemu v4.0 to v6.1

Also affects: Fedora 36, 37

Patches

🔴 Vulnerability Details (4)

OSV | qemu regression | 2024-06-06
OSV | qemu vulnerabilities | 2024-01-08
GHSA | GHSA-2r38-g5xg-3v7g: An out-of-bounds memory access flaw was found in the ATI VGA device emulation of QEMU | 2022-03-05
OSV | CVE-2021-3638: An out-of-bounds memory access flaw was found in the ATI VGA device emulation of QEMU | 2022-03-03

📋 Vendor Advisories (6)

Ubuntu | QEMU regression | 2024-06-06
CISA ICS | Siemens SCALANCE XCM-/XRM-300 | 2024-02-15
Ubuntu | QEMU vulnerabilities | 2024-01-08
Microsoft | An out-of-bounds memory access flaw was found in the ATI VGA device emulation of QEMU. This flaw occurs in the ati_2d_blt() routine while handling MMIO write operations when the guest provides invalid | 2022-03-08
Red Hat | QEMU: ati-vga: inconsistent check in ati_2d_blt() may lead to out-of-bounds write | 2021-07-07