{"api_version":"1","generated_at":"2026-04-23T03:25:10+00:00","cve":"CVE-2021-20221","urls":{"html":"https://cve.report/CVE-2021-20221","api":"https://cve.report/api/cve/CVE-2021-20221.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-20221","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-20221"},"summary":{"title":"CVE-2021-20221","description":"An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU up to and including qemu 4.2.0 on aarch64 platform. The issue occurs because while writing an interrupt ID to the controller memory area, it is not masked to be 4 bits wide. It may lead to the said issue while updating controller state fields and their subsequent processing. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in DoS scenario.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2021-05-13 16:15:00","updated_at":"2023-11-07 03:29:00"},"problem_types":["CWE-125"],"metrics":[],"references":[{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1924601","name":"https://bugzilla.redhat.com/show_bug.cgi?id=1924601","refsource":"MISC","tags":[],"title":"1924601 – (CVE-2021-20221) CVE-2021-20221 qemu: out-of-bound heap buffer access via an interrupt ID field","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.openwall.com/lists/oss-security/2021/02/05/1","name":"https://www.openwall.com/lists/oss-security/2021/02/05/1","refsource":"MISC","tags":[],"title":"oss-security - CVE-2021-20221 QEMU: aarch64: GIC: out-of-bound heap buffer access\n via an interrupt ID field","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security.netapp.com/advisory/ntap-20210708-0005/","name":"https://security.netapp.com/advisory/ntap-20210708-0005/","refsource":"CONFIRM","tags":[],"title":"CVE-2021-20221 QEMU Vulnerability in NetApp Products | NetApp Product 
Security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://access.redhat.com/errata/RHSA-2021:3061","name":"https://access.redhat.com/errata/RHSA-2021:3061","refsource":"MISC","tags":[],"title":"Red Hat Customer Portal - Access to 24x7 support and knowledge","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bugs.launchpad.net/qemu/+bug/1914353","name":"https://bugs.launchpad.net/qemu/+bug/1914353","refsource":"MISC","tags":[],"title":"Bug #1914353 “QEMU: aarch64: :GIC: out-of-bounds access via inte...” : Bugs : QEMU","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html","name":"[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 3099-1] qemu security update","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.debian.org/debian-lts-announce/2021/02/msg00024.html","name":"[debian-lts-announce] 20210218 [SECURITY] [DLA 2560-1] qemu security update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 2560-1] qemu security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.openwall.com/lists/oss-security/2021/02/05/1","name":"[oss-security] 20210205 CVE-2021-20221 QEMU: aarch64: GIC: out-of-bound heap buffer access via an interrupt ID field","refsource":"MLIST","tags":[],"title":"oss-security - CVE-2021-20221 QEMU: aarch64: GIC: out-of-bound heap buffer access\n via an interrupt ID field","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://access.redhat.com/errata/RHSA-2021:2521","name":"https://access.redhat.com/errata/RHSA-2021:2521","refsource":"MISC","tags":[],"title":"Red Hat Customer Portal - Access to 24x7 support and 
knowledge","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://access.redhat.com/security/cve/CVE-2021-20221","name":"https://access.redhat.com/security/cve/CVE-2021-20221","refsource":"MISC","tags":[],"title":"Red Hat Customer Portal - Access to 24x7 support and knowledge","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHSA-2021:1125","name":"https://access.redhat.com/errata/RHSA-2021:1125","refsource":"MISC","tags":[],"title":"Red Hat Customer Portal - Access to 24x7 support and knowledge","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-20221","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-20221","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"20221","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"10.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"20221","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"20221","vulnerable":"1","versionEndIncluding":"4.2.0","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"qemu","cpe5":"qemu","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"20221","vulnerable":"1","versionEndIncluding":"4.2.0","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"qemu","cpe5":"qemu","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"arm64","cpe13":"*"},{"cve_ye
ar":"2021","cve_id":"20221","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"-","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"20221","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"advanced_virtualization","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2021-20221","qid":"159250","title":"Oracle Enterprise Linux Security Update for qemu (ELSA-2021-9285)"},{"cve":"CVE-2021-20221","qid":"159343","title":"Oracle Enterprise Linux Security Update for virt:ol and virt-devel:rhel (ELSA-2021-3061)"},{"cve":"CVE-2021-20221","qid":"159566","title":"Oracle Enterprise Linux Security Update for kvm_utils (ELSA-2021-9568)"},{"cve":"CVE-2021-20221","qid":"174921","title":"SUSE Enterprise Linux Security Update for qemu (SUSE-SU-2021:1245-1)"},{"cve":"CVE-2021-20221","qid":"174923","title":"SUSE Enterprise Linux Security Update for qemu (SUSE-SU-2021:1241-1)"},{"cve":"CVE-2021-20221","qid":"174924","title":"SUSE Enterprise Linux Security Update for qemu (SUSE-SU-2021:1244-1)"},{"cve":"CVE-2021-20221","qid":"174926","title":"SUSE Enterprise Linux Security Update for qemu (SUSE-SU-2021:1242-1)"},{"cve":"CVE-2021-20221","qid":"180227","title":"Debian Security Update for qemu (CVE-2021-20221)"},{"cve":"CVE-2021-20221","qid":"180995","title":"Debian Security Update for qemu (DLA 3099-1)"},{"cve":"CVE-2021-20221","qid":"198432","title":"Ubuntu Security Notification for QEMU vulnerabilities (USN-5010-1)"},{"cve":"CVE-2021-20221","qid":"239539","title":"Red Hat Update for virt:rhel and virt-devel:rhel (RHSA-2021:3061)"},{"cve":"CVE-2021-20221","qid":"377346","title":"Alibaba Cloud Linux Security Update for virt:rhel and virt-devel:rhel 
(ALINUX3-SA-2021:0058)"},{"cve":"CVE-2021-20221","qid":"502351","title":"Alpine Linux Security Update for qemu"},{"cve":"CVE-2021-20221","qid":"671198","title":"EulerOS Security Update for qemu (EulerOS-SA-2022-1034)"},{"cve":"CVE-2021-20221","qid":"671203","title":"EulerOS Security Update for qemu (EulerOS-SA-2022-1014)"},{"cve":"CVE-2021-20221","qid":"750124","title":"SUSE Enterprise Linux Security Update for qemu (SUSE-SU-2021:1894-1)"},{"cve":"CVE-2021-20221","qid":"750338","title":"OpenSUSE Security Update for qemu (openSUSE-SU-2021:0363-1)"},{"cve":"CVE-2021-20221","qid":"900156","title":"CBL-Mariner Linux Security Update for qemu-kvm 4.2.0"},{"cve":"CVE-2021-20221","qid":"903375","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for qemu-kvm (4272)"},{"cve":"CVE-2021-20221","qid":"940064","title":"AlmaLinux Security Update for virt:rhel and virt-devel:rhel (ALSA-2021:3061)"},{"cve":"CVE-2021-20221","qid":"960072","title":"Rocky Linux Security Update for virt:rhel and virt-devel:rhel (RLSA-2021:3061)"}]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2021-20221","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU up to and including qemu 4.2.0on aarch64 platform. The issue occurs because while writing an interrupt ID to the controller memory area, it is not masked to be 4 bits wide. It may lead to the said issue while updating controller state fields and their subsequent processing. 
A privileged guest user may use this flaw to crash the QEMU process on the host resulting in DoS scenario."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-125->CWE-787","cweId":"CWE-125"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"qemu","version":{"version_data":[{"version_affected":"=","version_value":"up to, including qemu 4.2.0"}]}}]}}]}},"references":{"reference_data":[{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1924601","refsource":"MISC","name":"https://bugzilla.redhat.com/show_bug.cgi?id=1924601"},{"url":"https://lists.debian.org/debian-lts-announce/2021/02/msg00024.html","refsource":"MISC","name":"https://lists.debian.org/debian-lts-announce/2021/02/msg00024.html"},{"url":"https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html","refsource":"MISC","name":"https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"},{"url":"http://www.openwall.com/lists/oss-security/2021/02/05/1","refsource":"MISC","name":"http://www.openwall.com/lists/oss-security/2021/02/05/1"},{"url":"https://security.netapp.com/advisory/ntap-20210708-0005/","refsource":"MISC","name":"https://security.netapp.com/advisory/ntap-20210708-0005/"}]}},"nvd":{"publishedDate":"2021-05-13 16:15:00","lastModifiedDate":"2023-11-07 
03:29:00","problem_types":["CWE-125"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":6,"baseSeverity":"MEDIUM"},"exploitabilityScore":1.5,"impactScore":4},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:N/I:N/A:P","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL","baseScore":2.1},"severity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:arm64:*","versionEndIncluding":"4.2.0","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:advanced_virtualization:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:-:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"20221","Ordinal":"194262","Title":"CVE-2021-20221","CVE":"CVE-2021-20221","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"20221","Ordinal":"1","NoteData":"An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU up to and including qemu 4.2.0on aarch64 platform. 
The issue occurs because while writing an interrupt ID to the controller memory area, it is not masked to be 4 bits wide. It may lead to the said issue while updating controller state fields and their subsequent processing. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in DoS scenario.","Type":"Description","Title":null},{"CveYear":"2021","CveId":"20221","Ordinal":"2","NoteData":"2021-05-13","Type":"Other","Title":"Published"},{"CveYear":"2021","CveId":"20221","Ordinal":"3","NoteData":"2021-07-08","Type":"Other","Title":"Modified"}]}}}