CVE-2021-3735

Name
CVE-2021-3735
Description
A deadlock issue was found in the AHCI controller device of QEMU. It occurs on a software reset (ahci_reset_port) while handling a host-to-device Register FIS (Frame Information Structure) packet from the guest. A privileged user inside the guest could use this flaw to hang the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://access.redhat.com/security/cve/CVE-2021-3735
MISC https://security-tracker.debian.org/tracker/CVE-2021-3735
MISC https://bugzilla.redhat.com/show_bug.cgi?id=1997184

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:qemu:qemu:6.1.0:rc4:*:*:*:*:*:* qemu == None == 6.1.0

Vulnerable and fixed packages

Source package Branch Version Maintainer Status