First published: Thu Jun 17 2021 (Updated: )
An integer overflow was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a "PVRDMA_REG_DSRHIGH" write from the guest due to improper input validation. This flaw allows a privileged guest user to make QEMU allocate a large amount of memory, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
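As an added illustration of the defect class described above (this is not QEMU's code and not the patched pvrdma source; the page-size constant, the `MAX_RING_PAGES` cap and all function names are constructed for this example), the following C shows a guest-supplied page count being bounds-checked and overflow-checked before it is used to size an allocation, next to the unchecked computation that lets a wrapped or oversized value reach the allocator:

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed for this example; not values from QEMU or the pvrdma device. */
#define GUEST_PAGE_SIZE 4096u
#define MAX_RING_PAGES  4096u   /* hypothetical cap a device model would enforce */

/* Overflow-checked multiply for size_t: returns 0 on success, -1 if a*b would wrap. */
static int checked_mul_size(size_t a, size_t b, size_t *out)
{
    if (a != 0 && b > SIZE_MAX / a) {
        return -1;
    }
    *out = a * b;
    return 0;
}

/* Defect class: the page count comes straight from a guest-written register and is
 * multiplied without any check, so the product can wrap (unsigned arithmetic) or
 * simply be enormous, and either value then reaches the allocator. */
static uint64_t ring_bytes_unchecked(uint64_t guest_num_pages)
{
    return guest_num_pages * GUEST_PAGE_SIZE;
}

/* Hardened version: reject zero and out-of-range counts first, then compute the
 * byte size with an overflow check (defence in depth: with the cap above the
 * multiplication cannot wrap, but the check still holds if the cap is raised). */
static int ring_bytes_checked(uint64_t guest_num_pages, size_t *bytes)
{
    if (guest_num_pages == 0 || guest_num_pages > MAX_RING_PAGES) {
        return -EINVAL;
    }
    if (checked_mul_size((size_t)guest_num_pages, GUEST_PAGE_SIZE, bytes) != 0) {
        return -EOVERFLOW;
    }
    return 0;
}

/* Convenience wrapper: validated byte size, or 0 if the guest input was rejected. */
static size_t ring_bytes_or_zero(uint64_t guest_num_pages)
{
    size_t bytes = 0;
    return ring_bytes_checked(guest_num_pages, &bytes) == 0 ? bytes : 0;
}

/* Allocate the ring only after validation; NULL means the guest input was rejected. */
static void *alloc_ring(uint64_t guest_num_pages)
{
    size_t bytes;
    if (ring_bytes_checked(guest_num_pages, &bytes) != 0) {
        return NULL;
    }
    return calloc(1, bytes);
}

/* 1 if a ring of guest_num_pages was allocated (and freed again), else 0. */
static int try_alloc_ring(uint64_t guest_num_pages)
{
    void *ring = alloc_ring(guest_num_pages);
    if (ring == NULL) {
        return 0;
    }
    free(ring);
    return 1;
}

int main(void)
{
    /* (1ULL << 52) + 1 pages: the unchecked product wraps to a tiny 4096 bytes,
     * which would pass any "is it too big?" test done after the multiply. */
    uint64_t hostile = (1ULL << 52) + 1;
    printf("unchecked: %llu bytes\n", (unsigned long long)ring_bytes_unchecked(hostile));
    printf("checked:   %zu bytes (0 = rejected)\n", ring_bytes_or_zero(hostile));
    printf("sane 16 pages: %zu bytes\n", ring_bytes_or_zero(16));
    return 0;
}
```

The point of the pairing is ordering: the size check has to happen on the raw guest value before the multiplication, because a check applied to the product can be fooled by a wrapped result, and an explicit cap is what turns "large allocation" into a clean `-EINVAL` instead of a host-side denial of service.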
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| QEMU qemu | <6.1.0 | |
| Debian Debian Linux | =10.0 | |
| Fedoraproject Fedora | =34 | |
| ubuntu/qemu | <1:4.2-3ubuntu6.17 | 1:4.2-3ubuntu6.17 |
| ubuntu/qemu | <1:5.0-5ubuntu9.9 | 1:5.0-5ubuntu9.9 |
| ubuntu/qemu | <1:5.2+dfsg-9ubuntu3.1 | 1:5.2+dfsg-9ubuntu3.1 |
| ubuntu/qemu | <1:6.0+dfsg-2 | 1:6.0+dfsg-2 |
| redhat/qemu-kvm | <6.1.0 | 6.1.0 |
| debian/qemu | <=1:3.1+dfsg-8+deb10u8 | 1:3.1+dfsg-8+deb10u11, 1:5.2+dfsg-11+deb11u3, 1:5.2+dfsg-11+deb11u2, 1:7.2+dfsg-7+deb12u3, 1:8.2.1+ds-1 |
The vulnerability ID for this issue is CVE-2021-3607.
The severity level of CVE-2021-3607 is medium.
The affected software for CVE-2021-3607 includes QEMU qemu, Debian Debian Linux, and Fedoraproject Fedora.
CVE-2021-3607 occurs due to an integer overflow in the QEMU implementation of VMWare's paravirtual RDMA device.
You can find more information about CVE-2021-3607 at the following references: [1], [2], [3]