First published: Fri Nov 05 2021(Updated: )
An off-by-one error was found in the SCSI device emulation in QEMU. It could occur while processing MODE SELECT commands in mode_sense_page() if the 'page' argument was set to MODE_PAGE_ALLS (0x3f). A malicious guest could use this flaw to potentially crash QEMU, resulting in a denial of service condition.
Credit: secalert@redhat.com secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
QEMU qemu | <6.2.0 | |
Redhat Codeready Linux Builder | =8.0 | |
IBM Cognos Analytics 11.1.x | =8.0 | |
Redhat Codeready Linux Builder For Power Little Endian | =8.0 | |
Redhat Openstack | =10 | |
Redhat Openstack | =13 | |
Redhat Enterprise Linux | =8.0 | |
Redhat Enterprise Linux Advanced Virtualization Eus | =8.4 | |
Redhat Enterprise Linux For Ibm Z Systems | =8.0 | |
Redhat Enterprise Linux For Power Little Endian | =8.0 | |
Debian Debian Linux | =9.0 | |
Debian Debian Linux | =10.0 | |
ubuntu/qemu | <1:2.11+dfsg-1ubuntu7.39 | 1:2.11+dfsg-1ubuntu7.39 |
ubuntu/qemu | <1:4.2-3ubuntu6.21 | 1:4.2-3ubuntu6.21 |
ubuntu/qemu | <1:6.0+dfsg-2 | 1:6.0+dfsg-2 |
ubuntu/qemu | <2.0.0+dfsg-2ubuntu1.47+ | 2.0.0+dfsg-2ubuntu1.47+ |
ubuntu/qemu | <1:2.5+dfsg-5ubuntu10.51+ | 1:2.5+dfsg-5ubuntu10.51+ |
ubuntu/qemu | <1:6.2+dfsg-2ubuntu5 | 1:6.2+dfsg-2ubuntu5 |
ubuntu/qemu | <1:6.2+dfsg-2ubuntu5 | 1:6.2+dfsg-2ubuntu5 |
redhat/qemu-kvm | <6.2.0 | 6.2.0 |
debian/qemu | <=1:3.1+dfsg-8+deb10u8<=1:5.2+dfsg-11+deb11u2 | 1:3.1+dfsg-8+deb10u11 1:5.2+dfsg-11+deb11u3 1:7.2+dfsg-7+deb12u3 1:8.2.1+ds-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-3930 is an off-by-one error found in the SCSI device emulation in QEMU.
CVE-2021-3930 could potentially crash QEMU, resulting in a denial of service condition.
QEMU versions up to and excluding 6.2.0 are affected by CVE-2021-3930.
CVE-2021-3930 has a severity rating of 6.5 (medium).
You can find more information about CVE-2021-3930 on the Red Hat Bugzilla and NetApp security advisory websites, as well as the Debian LTS announce mailing list.