4.4

CVE-2021-3735

A deadlock issue was found in the AHCI controller device of QEMU. It occurs on a software reset (ahci_reset_port) while handling a host-to-device Register FIS (Frame Information Structure) packet from the guest. A privileged user inside the guest could use this flaw to hang the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
QemuQemu Version6.1.0 Updaterc4
DebianDebian Linux Version10.0
DebianDebian Linux Version11.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.19% 0.087
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.4 0.8 3.6
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource.

CWE-667 Improper Locking

The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.

https://access.redhat.com/security/cve/CVE-2021-3735
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1997184
Third Party Advisory
Issue Tracking
https://security-tracker.debian.org/tracker/CVE-2021-3735
Third Party Advisory
https://security.netapp.com/advisory/ntap-20250228-0009/