Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2021-3638

Опубликовано: 03 мар. 2022
Источник: nvd
CVSS3: 6.5
CVSS2: 2.1
EPSS Низкий

Описание

An out-of-bounds memory access flaw was found in the ATI VGA device emulation of QEMU. This flaw occurs in the ati_2d_blt() routine while handling MMIO write operations when the guest provides invalid values for the destination display parameters. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*
Версия от 4.0.0 (включая) до 6.1.0 (включая)
Конфигурация 2

Одно из

cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*

EPSS

Процентиль: 1%
0.00009
Низкий

6.5 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-787
CWE-787

Связанные уязвимости

ubuntu логотип

CVE-2021-3638

CVSS3: 6.5
ubuntu
больше 3 лет назад

An out-of-bounds memory access flaw was found in the ATI VGA device emulation of QEMU. This flaw occurs in the ati_2d_blt() routine while handling MMIO write operations when the guest provides invalid values for the destination display parameters. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service.

redhat логотип

CVE-2021-3638

CVSS3: 6
redhat
почти 4 года назад

An out-of-bounds memory access flaw was found in the ATI VGA device emulation of QEMU. This flaw occurs in the ati_2d_blt() routine while handling MMIO write operations when the guest provides invalid values for the destination display parameters. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service.

msrc логотип

CVE-2021-3638

CVSS3: 6.5
msrc
больше 2 лет назад

Описание отсутствует

debian логотип

CVE-2021-3638

CVSS3: 6.5
debian
больше 3 лет назад

An out-of-bounds memory access flaw was found in the ATI VGA device em ...

github логотип

GHSA-2r38-g5xg-3v7g

CVSS3: 6.5
github
больше 3 лет назад

An out-of-bounds memory access flaw was found in the ATI VGA device emulation of QEMU. This flaw occurs in the ati_2d_blt() routine while handling MMIO write operations when the guest provides invalid values for the destination display parameters. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service.

EPSS

Процентиль: 1%
0.00009
Низкий

6.5 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-787
CWE-787