Unrated severityNVD Advisory· Published May 13, 2021· Updated Aug 3, 2024

CVE-2021-20221

Description

An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU up to and including qemu 4.2.0on aarch64 platform. The issue occurs because while writing an interrupt ID to the controller memory area, it is not masked to be 4 bits wide. It may lead to the said issue while updating controller state fields and their subsequent processing. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in DoS scenario.

Affected products

N/A/Qemuv5
Range: up to, including qemu 4.2.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.openwall.com/lists/oss-security/2021/02/05/1mitremailing-listx_refsource_MLIST
bugzilla.redhat.com/show_bug.cgimitrex_refsource_MISC
lists.debian.org/debian-lts-announce/2021/02/msg00024.htmlmitremailing-listx_refsource_MLIST
lists.debian.org/debian-lts-announce/2022/09/msg00008.htmlmitremailing-listx_refsource_MLIST
security.netapp.com/advisory/ntap-20210708-0005/mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000