QwikSec

Security Database

CVE

CWE

Training

CVE-2021-4145

Published: Jan 25, 2022

Modified: Aug 3, 2024

PUBLISHED

Description

A NULL pointer dereference issue was found in the block mirror layer of QEMU in versions prior to 6.2.0. The `self` pointer is dereferenced in mirror_wait_on_conflicts() without ensuring that it's not NULL. A malicious unprivileged user within the guest could use this flaw to crash the QEMU process on the host when writing data reaches the threshold of mirroring node.

Vendor	Product	Versions
n/a	QEMU	affected `qemu-kvm 6.2.0`

Weaknesses (CWE)

References

https://bugzilla.redhat.com/show_bug.cgi?id=2034602

x_refsource_MISC

https://gitlab.com/qemu-project/qemu/-/commit/66fed30c9cd11854fc878a4eceb507e915d7c9cd

x_refsource_MISC

https://security.netapp.com/advisory/ntap-20220311-0004/

x_refsource_CONFIRM

vendor-advisory

x_refsource_GENTOO

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.