CVE-2021-3582
Summary
| CVE | CVE-2021-3582 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2022-03-25 19:15:00 UTC |
|---|
| Updated | 2022-10-05 18:26:00 UTC |
|---|
| Description | A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. The issue occurs while handling a "PVRDMA_CMD_CREATE_MR" command due to improper memory remapping (mremap). This flaw allows a malicious guest to crash the QEMU process on the host. The highest threat from this vulnerability is to system availability. |
|---|
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|
| Operating System |
Debian |
Debian Linux |
10.0 |
All |
All |
All |
| Application |
Qemu |
Qemu |
All |
All |
All |
All |
References
| Reference | Source | Link | Tags |
|---|
| CVE-2021-3582 QEMU Vulnerability in NetApp Products | NetApp Product Security |
CONFIRM |
security.netapp.com |
|
| 1966266 – (CVE-2021-3582) CVE-2021-3582 QEMU: pvrdma: unproperly mremap in pvrdma_map_to_pdir() |
MISC |
bugzilla.redhat.com |
|
| [SECURITY] [DLA 3099-1] qemu security update |
MLIST |
lists.debian.org |
|
| QEMU: Multiple Vulnerabilities (GLSA 202208-27) — Gentoo security |
GENTOO |
security.gentoo.org |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 159368 Oracle Enterprise Linux Security Update for qemu (ELSA-2021-9425)
- 159465 Oracle Enterprise Linux Security Update for qemu (ELSA-2021-9425)
- 159566 Oracle Enterprise Linux Security Update for kvm_utils (ELSA-2021-9568)
- 179568 Debian Security Update for qemu (CVE-2021-3582)
- 180995 Debian Security Update for qemu (DLA 3099-1)
- 198432 Ubuntu Security Notification for QEMU vulnerabilities (USN-5010-1)
- 710604 Gentoo Linux QEMU Multiple Vulnerabilities (GLSA 202208-27)
- 750874 OpenSUSE Security Update for qemu (openSUSE-SU-2021:2442-1)
- 750879 SUSE Enterprise Linux Security Update for qemu (SUSE-SU-2021:2448-1)
- 750901 OpenSUSE Security Update for qemu (openSUSE-SU-2021:2474-1)
- 750910 SUSE Enterprise Linux Security Update for qemu (SUSE-SU-2021:2591-1)
- 750912 OpenSUSE Security Update for qemu (openSUSE-SU-2021:2591-1)
- 751053 OpenSUSE Security Update for qemu (openSUSE-SU-2021:1202-1)
