CVE-2021-3582
Description
A flaw was found in the QEMU implementation of VMWares paravirtual RDMA device. The issue occurs while handling a PVRDMA_CMD_CREATE_MR command due to improper memory remapping (mremap). This flaw allows a malicious guest to crash the QEMU process on the host. The highest threat from this vulnerability is to system availability.
Risk Information
Base Score
6.5
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
EPSS Score
Exploitation Probability
0.162
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Machine emulator and virtualizer (USN-5010-1) qemu_5.0-5ubuntu9.9_amd64.deb | Linux |
| Machine emulator and virtualizer (USN-5010-1) qemu_4.2-3ubuntu6.17_amd64.deb | Linux |
| Machine emulator and virtualizer (USN-5010-1) qemu_5.2+dfsg-9ubuntu3.1_amd64.deb | Linux |
| Machine emulator and virtualizer (USN-5010-1) qemu_2.11+dfsg-1ubuntu7.37_i386.deb | Linux |
| Machine emulator and virtualizer (USN-5010-1) qemu_2.11+dfsg-1ubuntu7.37_amd64.deb | Linux |
| Machine emulator and virtualizer (USN-5010-1) qemu-system_5.0-5ubuntu9.9_amd64.deb | Linux |
| Machine emulator and virtualizer (USN-5010-1) qemu-system_4.2-3ubuntu6.17_amd64.deb | Linux |
| Machine emulator and virtualizer (USN-5010-1) qemu-system_5.2+dfsg-9ubuntu3.1_amd64.deb | Linux |
| Machine emulator and virtualizer (USN-5010-1) qemu-system_2.11+dfsg-1ubuntu7.37_i386.deb | Linux |
| Machine emulator and virtualizer (USN-5010-1) qemu-system_2.11+dfsg-1ubuntu7.37_amd64.deb | Linux |
| Machine emulator and virtualizer (USN-5010-1) qemu-system-x86_5.0-5ubuntu9.9_amd64.deb | Linux |
| Machine emulator and virtualizer (USN-5010-1) qemu-system-x86_4.2-3ubuntu6.17_amd64.deb | Linux |
| Machine emulator and virtualizer (USN-5010-1) qemu-system-x86_5.2+dfsg-9ubuntu3.1_amd64.deb | Linux |
| Qemu update (ELSA-2021-9425) qemu-4.2.1-11.el7.x86_64.rpm | Linux |
| Qemu-block-gluster update (ELSA-2021-9425) qemu-block-gluster-4.2.1-11.el7.x86_64.rpm | Linux |
| Qemu-block-iscsi update (ELSA-2021-9425) qemu-block-iscsi-4.2.1-11.el7.x86_64.rpm | Linux |
| Qemu-block-rbd update (ELSA-2021-9425) qemu-block-rbd-4.2.1-11.el7.x86_64.rpm | Linux |
| Qemu-common update (ELSA-2021-9425) qemu-common-4.2.1-11.el7.x86_64.rpm | Linux |
| Qemu-img update (ELSA-2021-9425) qemu-img-4.2.1-11.el7.x86_64.rpm | Linux |
| Qemu-kvm update (ELSA-2021-9425) qemu-kvm-4.2.1-11.el7.x86_64.rpm | Linux |
| Qemu-kvm-core update (ELSA-2021-9425) qemu-kvm-core-4.2.1-11.el7.x86_64.rpm | Linux |
| Qemu-system-x86 update (ELSA-2021-9425) qemu-system-x86-4.2.1-11.el7.x86_64.rpm | Linux |
| Qemu-system-x86-core update (ELSA-2021-9425) qemu-system-x86-core-4.2.1-11.el7.x86_64.rpm | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234