6

CVE-2021-3608

A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a "PVRDMA_REG_DSRHIGH" write from the guest and may result in a crash of QEMU or cause undefined behavior due to the access of an uninitialized pointer. The highest threat from this vulnerability is to system availability.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
QemuQemu Version < 6.1.0
DebianDebian Linux Version10.0
FedoraprojectFedora Version34
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.36% 0.28
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6 1.5 4
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
nvd@nist.gov 4.9 3.9 6.9
AV:L/AC:L/Au:N/C:N/I:N/A:C
CWE-824 Access of Uninitialized Pointer

The product accesses or uses a pointer that has not been initialized.

https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html
Third Party Advisory
Mailing List
https://security.gentoo.org/glsa/202208-27
Third Party Advisory
https://security.netapp.com/advisory/ntap-20220318-0002/
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1973383
Third Party Advisory
Issue Tracking
https://lists.gnu.org/archive/html/qemu-devel/2021-06/msg07926.html
Patch
Third Party Advisory
Mailing List