CVE-2021-4158

CVE-2021-4158

Name

CVE-2021-4158

Description

A NULL pointer dereference issue was found in the ACPI code of QEMU. A malicious, privileged user within the guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
MISC	https://bugzilla.redhat.com/show_bug.cgi?id=2035002
MISC	https://gitlab.com/qemu-project/qemu/-/commit/9bd6565ccee68f72d5012e24646e12a1c662827e
MISC	https://access.redhat.com/security/cve/CVE-2021-4158
MISC	https://www.mail-archive.com/qemu-devel@nongnu.org/msg857944.html
MISC	https://gitlab.com/qemu-project/qemu/-/issues/770

Type

URI

MISC

https://bugzilla.redhat.com/show_bug.cgi?id=2035002

MISC

https://gitlab.com/qemu-project/qemu/-/commit/9bd6565ccee68f72d5012e24646e12a1c662827e

MISC

https://access.redhat.com/security/cve/CVE-2021-4158

MISC

https://www.mail-archive.com/qemu-devel@nongnu.org/msg857944.html

MISC

https://gitlab.com/qemu-project/qemu/-/issues/770

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:qemu:qemu::::::::`	qemu	>= 6.0.0	<= None

CPE URI

Source package

Min version

Max version

cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*

qemu

>= 6.0.0

<= None

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
qemu	3.16-community	7.0.0-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
qemu	3.17-community	7.1.0-r7	Natanael Copa <ncopa@alpinelinux.org>	fixed
qemu	3.18-community	8.0.2-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed
qemu	edge-community	8.0.2-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed

Source package

Branch

Version

Maintainer

Status

qemu

3.16-community

7.0.0-r0

Natanael Copa <ncopa@alpinelinux.org>

possibly vulnerable

qemu

3.17-community