CVE-2021-4207: Race Condition in Qemu

Severity
NVD: 8.2 HIGH
OSV: 6.1
EPSS
0.0% (top 84.79%)
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Apr 29
Latest update: Jun 21

Description

A flaw was found in the QXL display device emulation in QEMU. A double fetch of the guest-controlled values `cursor->header.width` and `cursor->header.height` can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. A malicious privileged guest user could use this flaw to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Exploitability: 1.5 | Impact: 6.0

Affected Packages (4 packages)

NVD - qemu/qemu < 7.0.0
Debian - qemu/qemu < 1:5.2+dfsg-11+deb11u2+3
Ubuntu - qemu/qemu < 1:2.11+dfsg-1ubuntu7.40+2
CVEListV5 - qemu/qemu, qemu-kvm 7.0.0

Also affects: Debian Linux 10.0, 11.0, Enterprise Linux 8.0

🔴 Vulnerability Details (4)

OSV - qemu vulnerabilities (2022-06-21)
GHSA - GHSA-9p8r-v33g-4939: A flaw was found in the QXL display device emulation in QEMU (2022-04-30)
OSV - CVE-2021-4207: A flaw was found in the QXL display device emulation in QEMU (2022-04-29)
CVEList - CVE-2021-4207: A flaw was found in the QXL display device emulation in QEMU (2022-04-29)

📋 Vendor Advisories (4)

Ubuntu - QEMU vulnerabilities (2022-06-21)
Microsoft - A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values `cursor->header.width` and `cursor->header.height` can lead to the allocation of a small cursor (2022-04-12)
Red Hat - QEMU: QXL: double fetch in qxl_cursor() can lead to heap buffer overflow (2022-03-28)
Debian - CVE-2021-4207: qemu - A flaw was found in the QXL display device emulation in QEMU. A double fetch of ... (2021)
CVE-2021-4207 — Race Condition in Qemu | cvebase