Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2021-20221

Опубликовано: 13 мая 2021
Источник: nvd
CVSS3: 6
CVSS2: 2.1
EPSS Низкий

Описание

An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU up to and including qemu 4.2.0on aarch64 platform. The issue occurs because while writing an interrupt ID to the controller memory area, it is not masked to be 4 bits wide. It may lead to the said issue while updating controller state fields and their subsequent processing. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in DoS scenario.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:arm64:*
Версия до 4.2.0 (включая)
Конфигурация 2

Одно из

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:-:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:advanced_virtualization:*:*:*
Конфигурация 3

Одно из

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

EPSS

Процентиль: 2%
0.00014
Низкий

6 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-125
CWE-787

Связанные уязвимости

ubuntu логотип

CVE-2021-20221

CVSS3: 6
ubuntu
около 4 лет назад

An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU up to and including qemu 4.2.0on aarch64 platform. The issue occurs because while writing an interrupt ID to the controller memory area, it is not masked to be 4 bits wide. It may lead to the said issue while updating controller state fields and their subsequent processing. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in DoS scenario.

redhat логотип

CVE-2021-20221

CVSS3: 2.5
redhat
больше 4 лет назад

An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU up to and including qemu 4.2.0on aarch64 platform. The issue occurs because while writing an interrupt ID to the controller memory area, it is not masked to be 4 bits wide. It may lead to the said issue while updating controller state fields and their subsequent processing. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in DoS scenario.

msrc логотип

CVE-2021-20221

CVSS3: 6
msrc
около 4 лет назад

Описание отсутствует

debian логотип

CVE-2021-20221

CVSS3: 6
debian
около 4 лет назад

An out-of-bounds heap buffer access issue was found in the ARM Generic ...

github логотип

GHSA-3f6w-864h-4prm

CVSS3: 6
github
около 3 лет назад

An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU up to and including qemu 4.2.0on aarch64 platform. The issue occurs because while writing an interrupt ID to the controller memory area, it is not masked to be 4 bits wide. It may lead to the said issue while updating controller state fields and their subsequent processing. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in DoS scenario.

EPSS

Процентиль: 2%
0.00014
Низкий

6 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-125
CWE-787