QwikSec

Security Database

CVE

CWE

Training

CVE-2021-3607

Published: Feb 24, 2022

Modified: Aug 3, 2024

PUBLISHED

Description

An integer overflow was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a "PVRDMA_REG_DSRHIGH" write from the guest due to improper input validation. This flaw allows a privileged guest user to make QEMU allocate a large amount of memory, resulting in a denial of service. The highest threat from this vulnerability is to system availability.

Vendor	Product	Versions
n/a	QEMU	affected `qemu-kvm 6.1.0`

Weaknesses (CWE)

References

https://bugzilla.redhat.com/show_bug.cgi?id=1973349

x_refsource_MISC

https://lists.gnu.org/archive/html/qemu-devel/2021-06/msg07925.html

x_refsource_MISC

https://security.netapp.com/advisory/ntap-20220318-0002/

x_refsource_CONFIRM

vendor-advisory

x_refsource_GENTOO

[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.