exploitDog

CVE-2021-3638

Published: 03 Mar 2022
Source: debian
EPSS: Low

Description

An out-of-bounds memory access flaw was found in the ATI VGA device emulation of QEMU. This flaw occurs in the ati_2d_blt() routine while handling MMIO write operations when the guest provides invalid values for the destination display parameters. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service.

Packages

| Package | Status | Fix version | Release | Type |
|---|---|---|---|---|
| qemu | fixed | 1:6.1+dfsg-6 | | package |
| qemu | not-affected | | buster | package |
| qemu | not-affected | | stretch | package |

Notes

  • https://bugzilla.redhat.com/show_bug.cgi?id=1979858

  • https://lore.kernel.org/qemu-devel/CAA8xKjXkDwPYxSAeRb+2mfHRrbiL_kh9unVkemFXLfF68UXePA@mail.gmail.com

  • Introduced by: https://gitlab.com/qemu-project/qemu/-/commit/584acf34cb05f16e13a46d666196a7583d232616 (v4.1.0-rc0)

  • Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/205ccfd7a5ec86bd9a5678b8bd157562fc9a1643 (v7.2.0-rc0)

EPSS

Percentile: 1%
0.00009
Low

Related vulnerabilities

CVSS3: 6.5
ubuntu
more than 3 years ago

An out-of-bounds memory access flaw was found in the ATI VGA device emulation of QEMU. This flaw occurs in the ati_2d_blt() routine while handling MMIO write operations when the guest provides invalid values for the destination display parameters. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service.

CVSS3: 6
redhat
almost 4 years ago

An out-of-bounds memory access flaw was found in the ATI VGA device emulation of QEMU. This flaw occurs in the ati_2d_blt() routine while handling MMIO write operations when the guest provides invalid values for the destination display parameters. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service.

CVSS3: 6.5
nvd
more than 3 years ago

An out-of-bounds memory access flaw was found in the ATI VGA device emulation of QEMU. This flaw occurs in the ati_2d_blt() routine while handling MMIO write operations when the guest provides invalid values for the destination display parameters. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service.

CVSS3: 6.5
msrc
more than 2 years ago

No description available

CVSS3: 6.5
github
more than 3 years ago

An out-of-bounds memory access flaw was found in the ATI VGA device emulation of QEMU. This flaw occurs in the ati_2d_blt() routine while handling MMIO write operations when the guest provides invalid values for the destination display parameters. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service.