First published: Fri Jun 18 2021
A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. This flaw affects QEMU versions prior to 7.0.0.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
QEMU qemu | <7.0.0 | |
Red Hat Enterprise Linux | =8.0 | |
ubuntu/qemu | <1:7.0+dfsg-7ubuntu1 | 1:7.0+dfsg-7ubuntu1 |
ubuntu/qemu | <1:6.2+dfsg-2ubuntu6.16 | 1:6.2+dfsg-2ubuntu6.16 |
debian/qemu | <=1:5.2+dfsg-11+deb11u3 <=1:5.2+dfsg-11+deb11u2 | 1:3.1+dfsg-8+deb10u8 1:3.1+dfsg-8+deb10u12 1:7.2+dfsg-7+deb12u5 1:8.2.1+ds-2 1:8.2.2+ds-2 |
CVE-2021-3611 is a stack overflow vulnerability found in the Intel HD Audio device (intel-hda) of QEMU.
The vulnerability allows a malicious guest to crash the QEMU process on the host, resulting in a denial of service.
CVE-2021-3611 has a severity rating of 6.5, which is considered medium.
QEMU versions before 7.0.0 and Red Hat Enterprise Linux 8.0 are affected.
Update QEMU to version 7.0.0 or later, or apply the patches provided by your vendor.