Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2021-4207

Опубликовано: 29 апр. 2022
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 4.6
CVSS3: 8.2

Описание

A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values cursor->header.width and cursor->header.height can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. A malicious privileged guest user could use this flaw to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process.

РелизСтатусПримечание
bionic

released

1:2.11+dfsg-1ubuntu7.40
devel

released

1:6.2+dfsg-2ubuntu8
esm-infra-legacy/trusty

needs-triage

esm-infra/bionic

not-affected

1:2.11+dfsg-1ubuntu7.40
esm-infra/focal

not-affected

1:4.2-3ubuntu6.23
esm-infra/xenial

needs-triage

focal

released

1:4.2-3ubuntu6.23
impish

released

1:6.0+dfsg-2expubuntu1.3
jammy

released

1:6.2+dfsg-2ubuntu6.2
kinetic

released

1:6.2+dfsg-2ubuntu8

Показывать по

EPSS

Процентиль: 11%
0.0004
Низкий

4.6 Medium

CVSS2

8.2 High

CVSS3

Связанные уязвимости

CVSS3: 7.5
redhat
больше 3 лет назад

A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values `cursor->header.width` and `cursor->header.height` can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. A malicious privileged guest user could use this flaw to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process.

CVSS3: 8.2
nvd
больше 3 лет назад

A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values `cursor->header.width` and `cursor->header.height` can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. A malicious privileged guest user could use this flaw to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process.

CVSS3: 8.2
msrc
12 месяцев назад

Описание отсутствует

CVSS3: 8.2
debian
больше 3 лет назад

A flaw was found in the QXL display device emulation in QEMU. A double ...

CVSS3: 8.8
github
больше 3 лет назад

A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values `cursor->header.width` and `cursor->header.height` can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. A malicious privileged guest user could use this flaw to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process.

EPSS

Процентиль: 11%
0.0004
Низкий

4.6 Medium

CVSS2

8.2 High

CVSS3