QID 355320

a null pointer dereference flaw was found in the floppy disk emulator of qemu.
This issue occurs while processing read/write ioport commands if the selected floppy drive is not initialized with a block device.
This flaw allows a privileged guest user to crash the qemu process on the host, resulting in a denial of service.
The highest threat from this vulnerability is to system availability. (
( CVE-2021-20196) a use-after-free flaw was found in the megaraid emulator of qemu.
This issue occurs while processing scsi i/o requests in the case of an error mptsas_free_request() that does not dequeue the request object req from a pending requests queue.
Versions between 2.10.0 and 5.2.0 are potentially affected. (
( CVE-2021-3392) a flaw was found in the usb redirector device (usb-redir) of qemu.
Small usb packets are combined into a single, large transfer request, to reduce the overhead and improve performance.
The combined size of the bulk transfer is used to dynamically allocate a variable length array (vla) on the stack without proper validation.
Since the total size is not bounded, a malicious guest could use this flaw to influence the array length and cause the qemu process to perform an excessive allocation on the stack, resulting in a denial of service. (
( CVE-2021-3527) an off-by-one error was found in the scsi device emulation in qemu.
It could occur while processing mode select commands in mode_sense_page() if the page argument was set to mode_page_alls (0x3f).
A malicious guest could use this flaw to potentially crash qemu, resulting in a denial of service condition. (
( CVE-2021-3930) a flaw was found in the qxl display device emulation in qemu.

Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.

Successful exploitation of this vulnerability could lead to a securitybreach or could affect integrity, availability, and confidentiality.