Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2021-3607

Опубликовано: 24 фев. 2022
Источник: ubuntu
Приоритет: low
EPSS Низкий
CVSS2: 4.9
CVSS3: 6

Описание

An integer overflow was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a "PVRDMA_REG_DSRHIGH" write from the guest due to improper input validation. This flaw allows a privileged guest user to make QEMU allocate a large amount of memory, resulting in a denial of service. The highest threat from this vulnerability is to system availability.

РелизСтатусПримечание
bionic

not-affected

code not present
devel

released

1:6.0+dfsg-2expubuntu1
esm-infra-legacy/trusty

not-affected

code not present
esm-infra/bionic

not-affected

code not present
esm-infra/focal

not-affected

1:4.2-3ubuntu6.17
esm-infra/xenial

not-affected

code not present
focal

released

1:4.2-3ubuntu6.17
groovy

released

1:5.0-5ubuntu9.9
hirsute

released

1:5.2+dfsg-9ubuntu3.1
impish

released

1:6.0+dfsg-2expubuntu1

Показывать по

Ссылки на источники

EPSS

Процентиль: 3%
0.00018
Низкий

4.9 Medium

CVSS2

6 Medium

CVSS3

Связанные уязвимости

redhat логотип

CVE-2021-3607

CVSS3: 6
redhat
около 4 лет назад

An integer overflow was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a "PVRDMA_REG_DSRHIGH" write from the guest due to improper input validation. This flaw allows a privileged guest user to make QEMU allocate a large amount of memory, resulting in a denial of service. The highest threat from this vulnerability is to system availability.

nvd логотип

CVE-2021-3607

CVSS3: 6
nvd
больше 3 лет назад

An integer overflow was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a "PVRDMA_REG_DSRHIGH" write from the guest due to improper input validation. This flaw allows a privileged guest user to make QEMU allocate a large amount of memory, resulting in a denial of service. The highest threat from this vulnerability is to system availability.

msrc логотип

CVE-2021-3607

CVSS3: 6
msrc
больше 3 лет назад

Описание отсутствует

debian логотип

CVE-2021-3607

CVSS3: 6
debian
больше 3 лет назад

An integer overflow was found in the QEMU implementation of VMWare's p ...

github логотип

GHSA-3h3j-q234-gp6p

CVSS3: 6
github
больше 3 лет назад

An integer overflow was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a "PVRDMA_REG_DSRHIGH" write from the guest due to improper input validation. This flaw allows a privileged guest user to make QEMU allocate a large amount of memory, resulting in a denial of service. The highest threat from this vulnerability is to system availability.

EPSS

Процентиль: 3%
0.00018
Низкий

4.9 Medium

CVSS2

6 Medium

CVSS3