Back to search
CVE-2021-3409
Published: Mar 23, 2021
Modified: Aug 3, 2024
PUBLISHED
Description
The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective, thus making QEMU vulnerable to the out-of-bounds read/write access issues previously found in the SDHCI controller emulation code. This flaw allows a malicious privileged guest to crash the QEMU process on the host, resulting in a denial of service or potential code execution. QEMU up to (including) 5.2.0 is affected by this.
| Vendor | Product | Versions |
|---|---|---|
n/a | QEMU | affected up to (including) 5.2.0 |
Weaknesses (CWE)
References
https://bugzilla.redhat.com/show_bug.cgi?id=1928146
x_refsource_MISC
https://www.openwall.com/lists/oss-security/2021/03/09/1
x_refsource_MISC
[debian-lts-announce] 20210410 [SECURITY] [DLA 2623-1] qemu security update
mailing-list
x_refsource_MLIST
https://security.netapp.com/advisory/ntap-20210507-0001/
x_refsource_CONFIRM
GLSA-202208-27
vendor-advisory
x_refsource_GENTOO
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now