CVE-2021-3546

Name
CVE-2021-3546
Description
A flaw was found in vhost-user-gpu of QEMU in versions up to and including 6.0. An out-of-bounds write vulnerability can allow a malicious guest to crash the QEMU process on the host resulting in a denial of service or potentially execute arbitrary code on the host with the privileges of the QEMU process. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
NVD Severity
high
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://bugzilla.redhat.com/show_bug.cgi?id=1958978
MLIST http://www.openwall.com/lists/oss-security/2021/05/31/1

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:* qemu >= None <= 6.0.0

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
qemu 3.13-community 5.2.0-r3 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
qemu 3.10-main 4.0.1-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
qemu edge-community 6.0.0-r4 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
qemu 3.14-community 6.0.0-r4 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable