Home

CVE-2021-3607

Description

An integer overflow was found in the QEMU implementation of VMWares paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a PVRDMA_REG_DSRHIGH write from the guest due to improper input validation. This flaw allows a privileged guest user to make QEMU allocate a large amount of memory, resulting in a denial of service. The highest threat from this vulnerability is to system availability.

Risk Information

Base Score
6.0
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
EPSS Score
Exploitation Probability
0.173

Associated Vulnerability

VulnerabilityOS Platform
Machine emulator and virtualizer (USN-5010-1) qemu_5.0-5ubuntu9.9_amd64.debLinux
Machine emulator and virtualizer (USN-5010-1) qemu_4.2-3ubuntu6.17_amd64.debLinux
Machine emulator and virtualizer (USN-5010-1) qemu_5.2+dfsg-9ubuntu3.1_amd64.debLinux
Machine emulator and virtualizer (USN-5010-1) qemu_2.11+dfsg-1ubuntu7.37_i386.debLinux
Machine emulator and virtualizer (USN-5010-1) qemu_2.11+dfsg-1ubuntu7.37_amd64.debLinux
Machine emulator and virtualizer (USN-5010-1) qemu-system_5.0-5ubuntu9.9_amd64.debLinux
Machine emulator and virtualizer (USN-5010-1) qemu-system_4.2-3ubuntu6.17_amd64.debLinux
Machine emulator and virtualizer (USN-5010-1) qemu-system_5.2+dfsg-9ubuntu3.1_amd64.debLinux
Machine emulator and virtualizer (USN-5010-1) qemu-system_2.11+dfsg-1ubuntu7.37_i386.debLinux
Machine emulator and virtualizer (USN-5010-1) qemu-system_2.11+dfsg-1ubuntu7.37_amd64.debLinux
Machine emulator and virtualizer (USN-5010-1) qemu-system-x86_5.0-5ubuntu9.9_amd64.debLinux
Machine emulator and virtualizer (USN-5010-1) qemu-system-x86_4.2-3ubuntu6.17_amd64.debLinux
Machine emulator and virtualizer (USN-5010-1) qemu-system-x86_5.2+dfsg-9ubuntu3.1_amd64.debLinux
Qemu update (ELSA-2021-9425) qemu-4.2.1-11.el7.x86_64.rpmLinux
Qemu-block-gluster update (ELSA-2021-9425) qemu-block-gluster-4.2.1-11.el7.x86_64.rpmLinux
Qemu-block-iscsi update (ELSA-2021-9425) qemu-block-iscsi-4.2.1-11.el7.x86_64.rpmLinux
Qemu-block-rbd update (ELSA-2021-9425) qemu-block-rbd-4.2.1-11.el7.x86_64.rpmLinux
Qemu-common update (ELSA-2021-9425) qemu-common-4.2.1-11.el7.x86_64.rpmLinux
Qemu-img update (ELSA-2021-9425) qemu-img-4.2.1-11.el7.x86_64.rpmLinux
Qemu-kvm update (ELSA-2021-9425) qemu-kvm-4.2.1-11.el7.x86_64.rpmLinux
Qemu-kvm-core update (ELSA-2021-9425) qemu-kvm-core-4.2.1-11.el7.x86_64.rpmLinux
Qemu-system-x86 update (ELSA-2021-9425) qemu-system-x86-4.2.1-11.el7.x86_64.rpmLinux
Qemu-system-x86-core update (ELSA-2021-9425) qemu-system-x86-core-4.2.1-11.el7.x86_64.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234