CVE-2021-3608
Summary
| CVE | CVE-2021-3608 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2022-02-24 19:15:00 UTC |
|---|
| Updated | 2022-10-26 13:29:00 UTC |
|---|
| Description | A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a "PVRDMA_REG_DSRHIGH" write from the guest and may result in a crash of QEMU or cause undefined behavior due to the access of an uninitialized pointer. The highest threat from this vulnerability is to system availability. |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| [SECURITY] [DLA 3099-1] qemu security update |
MLIST |
lists.debian.org |
|
| 1973383 – (CVE-2021-3608) CVE-2021-3608 QEMU: pvrdma: uninitialized memory unmap in pvrdma_ring_init() |
MISC |
bugzilla.redhat.com |
|
| February 2022 QEMU Vulnerabilities in NetApp Products | NetApp Product Security |
CONFIRM |
security.netapp.com |
|
| QEMU: Multiple Vulnerabilities (GLSA 202208-27) — Gentoo security |
GENTOO |
security.gentoo.org |
|
| [PATCH] pvrdma: Fix the ring init error flow (CVE-2021-3608) |
MISC |
lists.gnu.org |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 159368 Oracle Enterprise Linux Security Update for qemu (ELSA-2021-9425)
- 159465 Oracle Enterprise Linux Security Update for qemu (ELSA-2021-9425)
- 159566 Oracle Enterprise Linux Security Update for kvm_utils (ELSA-2021-9568)
- 180249 Debian Security Update for qemu (CVE-2021-3608)
- 180995 Debian Security Update for qemu (DLA 3099-1)
- 198432 Ubuntu Security Notification for QEMU vulnerabilities (USN-5010-1)
- 710604 Gentoo Linux QEMU Multiple Vulnerabilities (GLSA 202208-27)
- 750874 OpenSUSE Security Update for qemu (openSUSE-SU-2021:2442-1)
- 750879 SUSE Enterprise Linux Security Update for qemu (SUSE-SU-2021:2448-1)
- 750901 OpenSUSE Security Update for qemu (openSUSE-SU-2021:2474-1)
- 750910 SUSE Enterprise Linux Security Update for qemu (SUSE-SU-2021:2591-1)
- 750912 OpenSUSE Security Update for qemu (openSUSE-SU-2021:2591-1)
- 751053 OpenSUSE Security Update for qemu (openSUSE-SU-2021:1202-1)
- 900706 Common Base Linux Mariner (CBL-Mariner) Security Update for qemu-kvm (8815)
