CVE-2021-4158
Summary
| CVE | CVE-2021-4158 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2022-08-24 16:15:00 UTC |
|---|
| Updated | 2024-01-25 21:29:00 UTC |
|---|
| Description | A NULL pointer dereference issue was found in the ACPI code of QEMU. A malicious, privileged user within the guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| [PATCH] acpi: validate hotplug selector on access |
MISC |
www.mail-archive.com |
|
| 2035002 – (CVE-2021-4158) CVE-2021-4158 QEMU: NULL pointer dereference in pci_write() in hw/acpi/pcihp.c |
MISC |
bugzilla.redhat.com |
|
| [PATCH] acpi: validate hotplug selector on access |
MISC |
www.mail-archive.com |
|
| READ memory access in /hw/acpi/pcihp.c (#770) · Issues · QEMU / QEMU · GitLab |
MISC |
gitlab.com |
|
| Red Hat Customer Portal - Access to 24x7 support and knowledge |
MISC |
access.redhat.com |
|
| Red Hat Customer Portal - Access to 24x7 support and knowledge |
MISC |
access.redhat.com |
|
| Red Hat Customer Portal - Access to 24x7 support and knowledge |
MISC |
access.redhat.com |
|
| acpi: validate hotplug selector on access (9bd6565c) · Commits · QEMU / QEMU · GitLab |
MISC |
gitlab.com |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 159638 Oracle Enterprise Linux Security Update for qemu (ELSA-2022-9123)
- 159672 Oracle Enterprise Linux Security Update for kvm_utils (ELSA-2022-9172)
- 159858 Oracle Enterprise Linux Security Update for virt:ol and virt-devel:ol (ELSA-2022-1759)
- 160273 Oracle Enterprise Linux Security Update for qemu-kvm (ELSA-2022-7967)
- 183172 Debian Security Update for qemu (CVE-2021-4158)
- 198683 Ubuntu Security Notification for QEMU Vulnerabilities (USN-5307-1)
- 240292 Red Hat Update for virt:rhel and virt-devel:rhel security (RHSA-2022:1759)
- 240913 Red Hat Update for qemu-kvm security (RHSA-2022:7967)
- 502927 Alpine Linux Security Update for qemu
- 505806 Alpine Linux Security Update for qemu
- 710604 Gentoo Linux QEMU Multiple Vulnerabilities (GLSA 202208-27)
- 903840 Common Base Linux Mariner (CBL-Mariner) Security Update for qemu (10679) (DEPRECATED)
- 903951 Common Base Linux Mariner (CBL-Mariner) Security Update for qemu (10679-1)
- 940525 AlmaLinux Security Update for virt:rhel and virt-devel:rhel (ALSA-2022:1759)
- 940832 AlmaLinux Security Update for qemu-kvm (ALSA-2022:7967)
- 960314 Rocky Linux Security Update for virt:rhel and virt-devel:rhel (RLSA-2022:1759)
- 960500 Rocky Linux Security Update for qemu-kvm (RLSA-2022:7967)
