Home

CVE-2021-4145

Description

A NULL pointer dereference issue was found in the block mirror layer of QEMU in versions prior to 6.2.0. The self pointer is dereferenced in mirror_wait_on_conflicts() without ensuring that its not NULL. A malicious unprivileged user within the guest could use this flaw to crash the QEMU process on the host when writing data reaches the threshold of mirroring node.

Risk Information

Base Score
6.5
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
EPSS Score
Exploitation Probability
0.065

Associated Vulnerability

VulnerabilityOS Platform
Vulnerability CVE-2021-3638,CVE-2021-4145 are affected in QEMU 6.1.0Windows
Qemu update (ELSA-2022-9344) qemu-4.2.1-16.el7.x86_64.rpmLinux
Qemu-block-gluster update (ELSA-2022-9344) qemu-block-gluster-4.2.1-16.el7.x86_64.rpmLinux
Qemu-block-iscsi update (ELSA-2022-9344) qemu-block-iscsi-4.2.1-16.el7.x86_64.rpmLinux
Qemu-block-rbd update (ELSA-2022-9344) qemu-block-rbd-4.2.1-16.el7.x86_64.rpmLinux
Qemu-common update (ELSA-2022-9344) qemu-common-4.2.1-16.el7.x86_64.rpmLinux
Qemu-img update (ELSA-2022-9344) qemu-img-4.2.1-16.el7.x86_64.rpmLinux
Qemu-kvm update (ELSA-2022-9344) qemu-kvm-4.2.1-16.el7.x86_64.rpmLinux
Qemu-kvm-core update (ELSA-2022-9344) qemu-kvm-core-4.2.1-16.el7.x86_64.rpmLinux
Qemu-system-x86 update (ELSA-2022-9344) qemu-system-x86-4.2.1-16.el7.x86_64.rpmLinux
Qemu-system-x86-core update (ELSA-2022-9344) qemu-system-x86-core-4.2.1-16.el7.x86_64.rpmLinux
(RHSA-2022:1759) virt:rhel and virt-devel:rhel security, bug fix, and enhancement update hivex-debugsource-1.3.18-23.module+el8.6.0+14480+c0a3aa0f.x86_64.rpmLinux
(RHSA-2022:1759) virt:rhel and virt-devel:rhel security, bug fix, and enhancement update hivex-devel-1.3.18-23.module+el8.6.0+14480+c0a3aa0f.x86_64.rpmLinux
(RHSA-2022:1759) virt:rhel and virt-devel:rhel security, bug fix, and enhancement update libguestfs-appliance-1.44.0-5.module+el8.6.0+14480+c0a3aa0f.x86_64.rpmLinux
(RHSA-2022:1759) virt:rhel and virt-devel:rhel security, bug fix, and enhancement update libguestfs-bash-completion-1.44.0-5.module+el8.6.0+14480+c0a3aa0f.noarch.rpmLinux
(RHSA-2022:1759) virt:rhel and virt-devel:rhel security, bug fix, and enhancement update libguestfs-debugsource-1.44.0-5.module+el8.6.0+14480+c0a3aa0f.x86_64.rpmLinux
(RHSA-2022:1759) virt:rhel and virt-devel:rhel security, bug fix, and enhancement update libguestfs-devel-1.44.0-5.module+el8.6.0+14480+c0a3aa0f.x86_64.rpmLinux
(RHSA-2022:1759) virt:rhel and virt-devel:rhel security, bug fix, and enhancement update libguestfs-gfs2-1.44.0-5.module+el8.6.0+14480+c0a3aa0f.x86_64.rpmLinux
(RHSA-2022:1759) virt:rhel and virt-devel:rhel security, bug fix, and enhancement update libguestfs-gobject-1.44.0-5.module+el8.6.0+14480+c0a3aa0f.x86_64.rpmLinux
(RHSA-2022:1759) virt:rhel and virt-devel:rhel security, bug fix, and enhancement update libguestfs-gobject-devel-1.44.0-5.module+el8.6.0+14480+c0a3aa0f.x86_64.rpmLinux
(RHSA-2022:1759) virt:rhel and virt-devel:rhel security, bug fix, and enhancement update libguestfs-inspect-icons-1.44.0-5.module+el8.6.0+14480+c0a3aa0f.noarch.rpmLinux
(RHSA-2022:1759) virt:rhel and virt-devel:rhel security, bug fix, and enhancement update libguestfs-java-1.44.0-5.module+el8.6.0+14480+c0a3aa0f.x86_64.rpmLinux
(RHSA-2022:1759) virt:rhel and virt-devel:rhel security, bug fix, and enhancement update libguestfs-java-devel-1.44.0-5.module+el8.6.0+14480+c0a3aa0f.x86_64.rpmLinux
(RHSA-2022:1759) virt:rhel and virt-devel:rhel security, bug fix, and enhancement update libguestfs-javadoc-1.44.0-5.module+el8.6.0+14480+c0a3aa0f.noarch.rpmLinux
(RHSA-2022:1759) virt:rhel and virt-devel:rhel security, bug fix, and enhancement update libguestfs-man-pages-ja-1.44.0-5.module+el8.6.0+14480+c0a3aa0f.noarch.rpmLinux
(RHSA-2022:1759) virt:rhel and virt-devel:rhel security, bug fix, and enhancement update libguestfs-man-pages-uk-1.44.0-5.module+el8.6.0+14480+c0a3aa0f.noarch.rpmLinux
(RHSA-2022:1759) virt:rhel and virt-devel:rhel security, bug fix, and enhancement update libguestfs-rescue-1.44.0-5.module+el8.6.0+14480+c0a3aa0f.x86_64.rpmLinux
(RHSA-2022:1759) virt:rhel and virt-devel:rhel security, bug fix, and enhancement update libguestfs-rsync-1.44.0-5.module+el8.6.0+14480+c0a3aa0f.x86_64.rpmLinux
(RHSA-2022:1759) virt:rhel and virt-devel:rhel security, bug fix, and enhancement update libguestfs-tools-1.44.0-5.module+el8.6.0+14480+c0a3aa0f.noarch.rpmLinux
(RHSA-2022:1759) virt:rhel and virt-devel:rhel security, bug fix, and enhancement update libguestfs-tools-c-1.44.0-5.module+el8.6.0+14480+c0a3aa0f.x86_64.rpmLinux
(RHSA-2022:1759) virt:rhel and virt-devel:rhel security, bug fix, and enhancement update libguestfs-winsupport-8.6-1.module+el8.6.0+14480+c0a3aa0f.x86_64.rpmLinux
(RHSA-2022:1759) virt:rhel and virt-devel:rhel security, bug fix, and enhancement update libguestfs-xfs-1.44.0-5.module+el8.6.0+14480+c0a3aa0f.x86_64.rpmLinux
(RHSA-2022:1759) virt:rhel and virt-devel:rhel security, bug fix, and enhancement update libiscsi-debugsource-1.18.0-8.module+el8.6.0+14480+c0a3aa0f.x86_64.rpmLinux
(RHSA-2022:1759) virt:rhel and virt-devel:rhel security, bug fix, and enhancement update libiscsi-devel-1.18.0-8.module+el8.6.0+14480+c0a3aa0f.x86_64.rpmLinux
(RHSA-2022:1759) virt:rhel and virt-devel:rhel security, bug fix, and enhancement update libiscsi-utils-1.18.0-8.module+el8.6.0+14480+c0a3aa0f.x86_64.rpmLinux
(RHSA-2022:1759) virt:rhel and virt-devel:rhel security, bug fix, and enhancement update libnbd-1.6.0-5.module+el8.6.0+14480+c0a3aa0f.x86_64.rpmLinux
(RHSA-2022:1759) virt:rhel and virt-devel:rhel security, bug fix, and enhancement update libnbd-bash-completion-1.6.0-5.module+el8.6.0+14480+c0a3aa0f.noarch.rpmLinux
(RHSA-2022:1759) virt:rhel and virt-devel:rhel security, bug fix, and enhancement update libnbd-debugsource-1.6.0-5.module+el8.6.0+14480+c0a3aa0f.x86_64.rpmLinux
(RHSA-2022:1759) virt:rhel and virt-devel:rhel security, bug fix, and enhancement update libnbd-devel-1.6.0-5.module+el8.6.0+14480+c0a3aa0f.x86_64.rpmLinux
(RHSA-2022:1759) virt:rhel and virt-devel:rhel security, bug fix, and enhancement update libtpms-0.9.1-0.20211126git1ff6fe1f43.module+el8.6.0+14480+c0a3aa0f.x86_64.rpmLinux
(RHSA-2022:1759) virt:rhel and virt-devel:rhel security, bug fix, and enhancement update libtpms-debugsource-0.9.1-0.20211126git1ff6fe1f43.module+el8.6.0+14480+c0a3aa0f.x86_64.rpmLinux
(RHSA-2022:1759) virt:rhel and virt-devel:rhel security, bug fix, and enhancement update libtpms-devel-0.9.1-0.20211126git1ff6fe1f43.module+el8.6.0+14480+c0a3aa0f.x86_64.rpmLinux
(RHSA-2022:1759) virt:rhel and virt-devel:rhel security, bug fix, and enhancement update libvirt-dbus-debugsource-1.3.0-2.module+el8.6.0+14480+c0a3aa0f.x86_64.rpmLinux
(RHSA-2022:1759) virt:rhel and virt-devel:rhel security, bug fix, and enhancement update libvirt-debugsource-8.0.0-5.module+el8.6.0+14480+c0a3aa0f.x86_64.rpmLinux
(RHSA-2022:1759) virt:rhel and virt-devel:rhel security, bug fix, and enhancement update libvirt-docs-8.0.0-5.module+el8.6.0+14480+c0a3aa0f.x86_64.rpmLinux
(RHSA-2022:1759) virt:rhel and virt-devel:rhel security, bug fix, and enhancement update libvirt-lock-sanlock-8.0.0-5.module+el8.6.0+14480+c0a3aa0f.x86_64.rpmLinux
(RHSA-2022:1759) virt:rhel and virt-devel:rhel security, bug fix, and enhancement update libvirt-nss-8.0.0-5.module+el8.6.0+14480+c0a3aa0f.x86_64.rpmLinux
(RHSA-2022:1759) virt:rhel and virt-devel:rhel security, bug fix, and enhancement update libvirt-python-debugsource-8.0.0-1.module+el8.6.0+14480+c0a3aa0f.x86_64.rpmLinux
(RHSA-2022:1759) virt:rhel and virt-devel:rhel security, bug fix, and enhancement update libvirt-wireshark-8.0.0-5.module+el8.6.0+14480+c0a3aa0f.x86_64.rpmLinux
(RHSA-2022:1759) virt:rhel and virt-devel:rhel security, bug fix, and enhancement update lua-guestfs-1.44.0-5.module+el8.6.0+14480+c0a3aa0f.x86_64.rpmLinux
(RHSA-2022:1759) virt:rhel and virt-devel:rhel security, bug fix, and enhancement update nbdfuse-1.6.0-5.module+el8.6.0+14480+c0a3aa0f.x86_64.rpmLinux
(RHSA-2022:1759) virt:rhel and virt-devel:rhel security, bug fix, and enhancement update nbdkit-1.24.0-4.module+el8.6.0+14480+c0a3aa0f.x86_64.rpmLinux
(RHSA-2022:1759) virt:rhel and virt-devel:rhel security, bug fix, and enhancement update nbdkit-bash-completion-1.24.0-4.module+el8.6.0+14480+c0a3aa0f.noarch.rpmLinux
(RHSA-2022:1759) virt:rhel and virt-devel:rhel security, bug fix, and enhancement update nbdkit-basic-filters-1.24.0-4.module+el8.6.0+14480+c0a3aa0f.x86_64.rpmLinux
(RHSA-2022:1759) virt:rhel and virt-devel:rhel security, bug fix, and enhancement update nbdkit-basic-plugins-1.24.0-4.module+el8.6.0+14480+c0a3aa0f.x86_64.rpmLinux
(RHSA-2022:1759) virt:rhel and virt-devel:rhel security, bug fix, and enhancement update nbdkit-curl-plugin-1.24.0-4.module+el8.6.0+14480+c0a3aa0f.x86_64.rpmLinux
(RHSA-2022:1759) virt:rhel and virt-devel:rhel security, bug fix, and enhancement update nbdkit-debugsource-1.24.0-4.module+el8.6.0+14480+c0a3aa0f.x86_64.rpmLinux
(RHSA-2022:1759) virt:rhel and virt-devel:rhel security, bug fix, and enhancement update nbdkit-devel-1.24.0-4.module+el8.6.0+14480+c0a3aa0f.x86_64.rpmLinux
(RHSA-2022:1759) virt:rhel and virt-devel:rhel security, bug fix, and enhancement update nbdkit-example-plugins-1.24.0-4.module+el8.6.0+14480+c0a3aa0f.x86_64.rpmLinux
(RHSA-2022:1759) virt:rhel and virt-devel:rhel security, bug fix, and enhancement update nbdkit-gzip-filter-1.24.0-4.module+el8.6.0+14480+c0a3aa0f.x86_64.rpmLinux
(RHSA-2022:1759) virt:rhel and virt-devel:rhel security, bug fix, and enhancement update nbdkit-gzip-plugin-1.24.0-4.module+el8.6.0+14480+c0a3aa0f.x86_64.rpmLinux
(RHSA-2022:1759) virt:rhel and virt-devel:rhel security, bug fix, and enhancement update nbdkit-linuxdisk-plugin-1.24.0-4.module+el8.6.0+14480+c0a3aa0f.x86_64.rpmLinux
(RHSA-2022:1759) virt:rhel and virt-devel:rhel security, bug fix, and enhancement update nbdkit-nbd-plugin-1.24.0-4.module+el8.6.0+14480+c0a3aa0f.x86_64.rpmLinux
(RHSA-2022:1759) virt:rhel and virt-devel:rhel security, bug fix, and enhancement update nbdkit-python-plugin-1.24.0-4.module+el8.6.0+14480+c0a3aa0f.x86_64.rpmLinux
(RHSA-2022:1759) virt:rhel and virt-devel:rhel security, bug fix, and enhancement update nbdkit-server-1.24.0-4.module+el8.6.0+14480+c0a3aa0f.x86_64.rpmLinux
(RHSA-2022:1759) virt:rhel and virt-devel:rhel security, bug fix, and enhancement update nbdkit-ssh-plugin-1.24.0-4.module+el8.6.0+14480+c0a3aa0f.x86_64.rpmLinux
(RHSA-2022:1759) virt:rhel and virt-devel:rhel security, bug fix, and enhancement update nbdkit-tar-filter-1.24.0-4.module+el8.6.0+14480+c0a3aa0f.x86_64.rpmLinux
(RHSA-2022:1759) virt:rhel and virt-devel:rhel security, bug fix, and enhancement update nbdkit-tar-plugin-1.24.0-4.module+el8.6.0+14480+c0a3aa0f.x86_64.rpmLinux
(RHSA-2022:1759) virt:rhel and virt-devel:rhel security, bug fix, and enhancement update nbdkit-tmpdisk-plugin-1.24.0-4.module+el8.6.0+14480+c0a3aa0f.x86_64.rpmLinux
(RHSA-2022:1759) virt:rhel and virt-devel:rhel security, bug fix, and enhancement update nbdkit-vddk-plugin-1.24.0-4.module+el8.6.0+14480+c0a3aa0f.x86_64.rpmLinux
(RHSA-2022:1759) virt:rhel and virt-devel:rhel security, bug fix, and enhancement update nbdkit-xz-filter-1.24.0-4.module+el8.6.0+14480+c0a3aa0f.x86_64.rpmLinux
(RHSA-2022:1759) virt:rhel and virt-devel:rhel security, bug fix, and enhancement update netcf-0.2.8-12.module+el8.6.0+14480+c0a3aa0f.x86_64.rpmLinux
(RHSA-2022:1759) virt:rhel and virt-devel:rhel security, bug fix, and enhancement update netcf-debugsource-0.2.8-12.module+el8.6.0+14480+c0a3aa0f.x86_64.rpmLinux
(RHSA-2022:1759) virt:rhel and virt-devel:rhel security, bug fix, and enhancement update netcf-devel-0.2.8-12.module+el8.6.0+14480+c0a3aa0f.x86_64.rpmLinux
(RHSA-2022:1759) virt:rhel and virt-devel:rhel security, bug fix, and enhancement update perl-Sys-Virt-debugsource-8.0.0-1.module+el8.6.0+14480+c0a3aa0f.x86_64.rpmLinux
(RHSA-2022:1759) virt:rhel and virt-devel:rhel security, bug fix, and enhancement update python3-hivex-1.3.18-23.module+el8.6.0+14480+c0a3aa0f.x86_64.rpmLinux
(RHSA-2022:1759) virt:rhel and virt-devel:rhel security, bug fix, and enhancement update python3-libguestfs-1.44.0-5.module+el8.6.0+14480+c0a3aa0f.x86_64.rpmLinux
(RHSA-2022:1759) virt:rhel and virt-devel:rhel security, bug fix, and enhancement update python3-libnbd-1.6.0-5.module+el8.6.0+14480+c0a3aa0f.x86_64.rpmLinux
(RHSA-2022:1759) virt:rhel and virt-devel:rhel security, bug fix, and enhancement update qemu-kvm-debugsource-6.2.0-11.module+el8.6.0+14707+5aa4b42d.x86_64.rpmLinux
(RHSA-2022:1759) virt:rhel and virt-devel:rhel security, bug fix, and enhancement update qemu-kvm-docs-6.2.0-11.module+el8.6.0+14707+5aa4b42d.x86_64.rpmLinux
(RHSA-2022:1759) virt:rhel and virt-devel:rhel security, bug fix, and enhancement update qemu-kvm-hw-usbredir-6.2.0-11.module+el8.6.0+14707+5aa4b42d.x86_64.rpmLinux
(RHSA-2022:1759) virt:rhel and virt-devel:rhel security, bug fix, and enhancement update qemu-kvm-ui-opengl-6.2.0-11.module+el8.6.0+14707+5aa4b42d.x86_64.rpmLinux
(RHSA-2022:1759) virt:rhel and virt-devel:rhel security, bug fix, and enhancement update qemu-kvm-ui-spice-6.2.0-11.module+el8.6.0+14707+5aa4b42d.x86_64.rpmLinux
(RHSA-2022:1759) virt:rhel and virt-devel:rhel security, bug fix, and enhancement update ruby-hivex-1.3.18-23.module+el8.6.0+14480+c0a3aa0f.x86_64.rpmLinux
(RHSA-2022:1759) virt:rhel and virt-devel:rhel security, bug fix, and enhancement update ruby-libguestfs-1.44.0-5.module+el8.6.0+14480+c0a3aa0f.x86_64.rpmLinux
(RHSA-2022:1759) virt:rhel and virt-devel:rhel security, bug fix, and enhancement update sgabios-0.20170427git-3.module+el8.6.0+14480+c0a3aa0f.x86_64.rpmLinux
(RHSA-2022:1759) virt:rhel and virt-devel:rhel security, bug fix, and enhancement update supermin-debugsource-5.2.1-1.module+el8.6.0+14480+c0a3aa0f.x86_64.rpmLinux
(RHSA-2022:1759) virt:rhel and virt-devel:rhel security, bug fix, and enhancement update supermin-devel-5.2.1-1.module+el8.6.0+14480+c0a3aa0f.x86_64.rpmLinux
(RHSA-2022:1759) virt:rhel and virt-devel:rhel security, bug fix, and enhancement update swtpm-0.7.0-1.20211109gitb79fd91.module+el8.6.0+14480+c0a3aa0f.x86_64.rpmLinux
(RHSA-2022:1759) virt:rhel and virt-devel:rhel security, bug fix, and enhancement update swtpm-debugsource-0.7.0-1.20211109gitb79fd91.module+el8.6.0+14480+c0a3aa0f.x86_64.rpmLinux
(RHSA-2022:1759) virt:rhel and virt-devel:rhel security, bug fix, and enhancement update swtpm-devel-0.7.0-1.20211109gitb79fd91.module+el8.6.0+14480+c0a3aa0f.x86_64.rpmLinux
(RHSA-2022:1759) virt:rhel and virt-devel:rhel security, bug fix, and enhancement update swtpm-libs-0.7.0-1.20211109gitb79fd91.module+el8.6.0+14480+c0a3aa0f.x86_64.rpmLinux
(RHSA-2022:1759) virt:rhel and virt-devel:rhel security, bug fix, and enhancement update swtpm-tools-0.7.0-1.20211109gitb79fd91.module+el8.6.0+14480+c0a3aa0f.x86_64.rpmLinux
(RHSA-2022:1759) virt:rhel and virt-devel:rhel security, bug fix, and enhancement update swtpm-tools-pkcs11-0.7.0-1.20211109gitb79fd91.module+el8.6.0+14480+c0a3aa0f.x86_64.rpmLinux
(RHSA-2022:1759) virt:rhel and virt-devel:rhel security, bug fix, and enhancement update virt-dib-1.44.0-5.module+el8.6.0+14480+c0a3aa0f.x86_64.rpmLinux
(RHSA-2022:1759) virt:rhel and virt-devel:rhel security, bug fix, and enhancement update virt-v2v-1.42.0-18.module+el8.6.0+14480+c0a3aa0f.x86_64.rpmLinux
(RHSA-2022:1759) virt:rhel and virt-devel:rhel security, bug fix, and enhancement update virt-v2v-bash-completion-1.42.0-18.module+el8.6.0+14480+c0a3aa0f.noarch.rpmLinux
(RHSA-2022:1759) virt:rhel and virt-devel:rhel security, bug fix, and enhancement update virt-v2v-debugsource-1.42.0-18.module+el8.6.0+14480+c0a3aa0f.x86_64.rpmLinux
(RHSA-2022:1759) virt:rhel and virt-devel:rhel security, bug fix, and enhancement update virt-v2v-man-pages-ja-1.42.0-18.module+el8.6.0+14480+c0a3aa0f.noarch.rpmLinux
(RHSA-2022:1759) virt:rhel and virt-devel:rhel security, bug fix, and enhancement update virt-v2v-man-pages-uk-1.42.0-18.module+el8.6.0+14480+c0a3aa0f.noarch.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234