Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2021-4206

Опубликовано: 29 апр. 2022
Источник: nvd
CVSS3: 8.2
CVSS2: 4.6
EPSS Низкий

Описание

A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. This flaw allows a malicious privileged guest user to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*
Версия до 7.0.0 (исключая)
Конфигурация 2

Одно из

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:-:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:advanced_virtualization:*:*:*
Конфигурация 3

Одно из

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

EPSS

Процентиль: 40%
0.00174
Низкий

8.2 High

CVSS3

4.6 Medium

CVSS2

Дефекты

CWE-190
CWE-120

Связанные уязвимости

ubuntu логотип

CVE-2021-4206

CVSS3: 8.2
ubuntu
около 3 лет назад

A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. This flaw allows a malicious privileged guest user to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process.

redhat логотип

CVE-2021-4206

CVSS3: 7.5
redhat
около 3 лет назад

A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. This flaw allows a malicious privileged guest user to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process.

msrc логотип

CVE-2021-4206

CVSS3: 8.2
msrc
11 месяцев назад

Описание отсутствует

debian логотип

CVE-2021-4206

CVSS3: 8.2
debian
около 3 лет назад

A flaw was found in the QXL display device emulation in QEMU. An integ ...

github логотип

GHSA-rxh4-5vqx-xjq8

CVSS3: 8.2
github
около 3 лет назад

A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. This flaw allows a malicious privileged guest user to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process.

EPSS

Процентиль: 40%
0.00174
Низкий

8.2 High

CVSS3

4.6 Medium

CVSS2

Дефекты

CWE-190
CWE-120