CVE-2021-3607
Summary
| CVE | CVE-2021-3607 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2022-02-24 19:15:00 UTC |
|---|
| Updated | 2023-11-07 03:38:00 UTC |
|---|
| Description | An integer overflow was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a "PVRDMA_REG_DSRHIGH" write from the guest due to improper input validation. This flaw allows a privileged guest user to make QEMU allocate a large amount of memory, resulting in a denial of service. The highest threat from this vulnerability is to system availability. |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| [SECURITY] [DLA 3099-1] qemu security update |
MLIST |
lists.debian.org |
|
| 1973349 – (CVE-2021-3607) CVE-2021-3607 QEMU: pvrdma: unchecked malloc size due to integer overflow in init_dev_ring() |
MISC |
bugzilla.redhat.com |
|
| [PATCH] pvrdma: Ensure correct input on ring init (CVE-2021-3607) |
MISC |
lists.gnu.org |
|
| February 2022 QEMU Vulnerabilities in NetApp Products | NetApp Product Security |
CONFIRM |
security.netapp.com |
|
| QEMU: Multiple Vulnerabilities (GLSA 202208-27) — Gentoo security |
GENTOO |
security.gentoo.org |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 159368 Oracle Enterprise Linux Security Update for qemu (ELSA-2021-9425)
- 159465 Oracle Enterprise Linux Security Update for qemu (ELSA-2021-9425)
- 159566 Oracle Enterprise Linux Security Update for kvm_utils (ELSA-2021-9568)
- 180201 Debian Security Update for qemu (CVE-2021-3607)
- 180995 Debian Security Update for qemu (DLA 3099-1)
- 198432 Ubuntu Security Notification for QEMU vulnerabilities (USN-5010-1)
- 710604 Gentoo Linux QEMU Multiple Vulnerabilities (GLSA 202208-27)
- 750874 OpenSUSE Security Update for qemu (openSUSE-SU-2021:2442-1)
- 750879 SUSE Enterprise Linux Security Update for qemu (SUSE-SU-2021:2448-1)
- 750901 OpenSUSE Security Update for qemu (openSUSE-SU-2021:2474-1)
- 750910 SUSE Enterprise Linux Security Update for qemu (SUSE-SU-2021:2591-1)
- 750912 OpenSUSE Security Update for qemu (openSUSE-SU-2021:2591-1)
- 751053 OpenSUSE Security Update for qemu (openSUSE-SU-2021:1202-1)
- 900705 Common Base Linux Mariner (CBL-Mariner) Security Update for qemu-kvm (8814)
