Description
ide_atapi_cmd_reply_end in hw/ide/atapi.c in QEMU 5.1.0 allows out-of-bounds read access because a buffer index is not validated.
An out-of-bounds read-access flaw was found in the ATAPI Emulator of QEMU. This issue occurs while processing the ATAPI read command if the logical block address (LBA) is set to an invalid value. A guest user may use this flaw to crash the QEMU process on the host, resulting in a denial of service.
Affected packages
Platform | Package | State | Advisory | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 5 | kvm | Not affected | ||
Red Hat Enterprise Linux 5 | xen | Not affected | ||
Red Hat Enterprise Linux 6 | qemu-kvm | Out of support scope | ||
Red Hat Enterprise Linux 7 | qemu-kvm-ma | Not affected | ||
Red Hat Enterprise Linux 8 Advanced Virtualization | virt:8.3/qemu-kvm | Affected | ||
Advanced Virtualization for RHEL 8.3.1 | virt | Fixed | RHBA-2021:0639 | 22.02.2021 |
Advanced Virtualization for RHEL 8.3.1 | virt-devel | Fixed | RHBA-2021:0639 | 22.02.2021 |
Red Hat Enterprise Linux 7 | qemu-kvm | Fixed | RHSA-2021:2322 | 08.06.2021 |
Red Hat Enterprise Linux 8 | virt-devel | Fixed | RHSA-2021:1762 | 18.05.2021 |
Red Hat Enterprise Linux 8 | virt | Fixed | RHSA-2021:1762 | 18.05.2021 |
Additional information
Status:
3.9 Low
CVSS3