Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2021-3582

Опубликовано: 16 июн. 2021
Источник: redhat
CVSS3: 3.2
EPSS Низкий

Описание

A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. The issue occurs while handling a "PVRDMA_CMD_CREATE_MR" command due to improper memory remapping (mremap). This flaw allows a malicious guest to crash the QEMU process on the host. The highest threat from this vulnerability is to system availability.

Отчет

The versions of qemu-kvm as shipped with Red Hat Enterprise Linux and RHEL Advanced Virtualization are not affected by this flaw, as they are not built with PVRDMA support.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6qemu-kvmNot affected
Red Hat Enterprise Linux 7qemu-kvmNot affected
Red Hat Enterprise Linux 7qemu-kvm-maNot affected
Red Hat Enterprise Linux 7qemu-kvm-rhevNot affected
Red Hat Enterprise Linux 8virt:rhel/qemu-kvmNot affected
Red Hat Enterprise Linux 8 Advanced Virtualizationvirt:8.2/qemu-kvmNot affected
Red Hat Enterprise Linux 8 Advanced Virtualizationvirt:8.3/qemu-kvmNot affected
Red Hat Enterprise Linux 8 Advanced Virtualizationvirt:av/qemu-kvmNot affected
Red Hat Enterprise Linux 9qemu-kvmNot affected
Red Hat OpenStack Platform 10 (Newton)qemu-kvm-rhevNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-119
https://bugzilla.redhat.com/show_bug.cgi?id=1966266QEMU: pvrdma: unproperly mremap in pvrdma_map_to_pdir()

EPSS

Процентиль: 5%
0.00024
Низкий

3.2 Low

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2021-3582

CVSS3: 6.5
ubuntu
больше 3 лет назад

A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. The issue occurs while handling a "PVRDMA_CMD_CREATE_MR" command due to improper memory remapping (mremap). This flaw allows a malicious guest to crash the QEMU process on the host. The highest threat from this vulnerability is to system availability.

nvd логотип

CVE-2021-3582

CVSS3: 6.5
nvd
больше 3 лет назад

A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. The issue occurs while handling a "PVRDMA_CMD_CREATE_MR" command due to improper memory remapping (mremap). This flaw allows a malicious guest to crash the QEMU process on the host. The highest threat from this vulnerability is to system availability.

debian логотип

CVE-2021-3582

CVSS3: 6.5
debian
больше 3 лет назад

A flaw was found in the QEMU implementation of VMWare's paravirtual RD ...

github логотип

GHSA-x7v7-hc56-547j

CVSS3: 6.5
github
больше 3 лет назад

A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. The issue occurs while handling a "PVRDMA_CMD_CREATE_MR" command due to improper memory remapping (mremap). This flaw allows a malicious guest to crash the QEMU process on the host. The highest threat from this vulnerability is to system availability.

fstec логотип

BDU:2022-05783

CVSS3: 6.5
fstec
около 4 лет назад

Уязвимость команды PVRDMA_CMD_CREATE_MR эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 5%
0.00024
Низкий

3.2 Low

CVSS3