CVE-2021-4158 — NULL Pointer Dereference in Qemu

CWE-476 — NULL Pointer Dereference9 documents8 sources

Severity

6.0MEDIUMNVD

OSV6.5

EPSS

0.0%

top 93.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Qemu Redhat Enterprise Linux

Timeline

PublishedAug 24

Latest updateAug 25

Description

A NULL pointer dereference issue was found in the ACPI code of QEMU. A malicious, privileged user within the guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:HExploitability: 1.5 | Impact: 4.0

Affected Packages4 packages

▶NVDqemu/qemu6.0.0 — 7.0.0

▶Debianqemu/qemu< 1:6.2+dfsg-2+2

▶Ubuntuqemu/qemu< 1:2.11+dfsg-1ubuntu7.39+1

▶CVEListV5qemu/qemuAffects v6.0.0 and above.

Also affects: Enterprise Linux 9.0

Patches

Patch: bugzilla.redhat.com ↗Patch: gitlab.com ↗Patch: www.mail-archive.com ↗

🔴Vulnerability Details

GHSA

GHSA-9p4w-6fpq-fpm6: A NULL pointer dereference issue was found in the ACPI code of QEMU↗2022-08-25

▶

OSV

CVE-2021-4158: A NULL pointer dereference issue was found in the ACPI code of QEMU↗2022-08-24

▶

CVEList

CVE-2021-4158: A NULL pointer dereference issue was found in the ACPI code of QEMU↗2022-08-24

▶

OSV

qemu vulnerabilities↗2022-02-28

▶

📋Vendor Advisories

Microsoft

A NULL pointer dereference issue was found in the ACPI code of QEMU. A malicious privileged user within the guest could use this flaw to crash the QEMU process on the host resulting in a denial of ser↗2022-08-09

▶

Ubuntu

QEMU vulnerabilities↗2022-02-28

▶

Red Hat

QEMU: NULL pointer dereference in pci_write() in hw/acpi/pcihp.c↗2021-12-12

▶

Debian

CVE-2021-4158: qemu - A NULL pointer dereference issue was found in the ACPI code of QEMU. A malicious...↗2021

▶