Unrated severity · NVD Advisory · Published Jun 2, 2021 · Updated Aug 3, 2024
CVE-2021-3546
Description
An out-of-bounds write vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. The flaw occurs while processing the 'VIRTIO_GPU_CMD_GET_CAPSET' command from the guest. It could allow a privileged guest user to crash the QEMU process on the host, resulting in a denial of service condition, or potential code execution with the privileges of the QEMU process.
Affected products
- osv-coords, 10 versions:
  - pkg:rpm/opensuse/qemu&distro=openSUSE%20Leap%2015.2
  - pkg:rpm/opensuse/qemu&distro=openSUSE%20Leap%2015.3
  - pkg:rpm/opensuse/qemu&distro=openSUSE%20Tumbleweed
  - pkg:rpm/opensuse/qemu-linux-user&distro=openSUSE%20Leap%2015.2
  - pkg:rpm/opensuse/qemu-testsuite&distro=openSUSE%20Leap%2015.2
  - pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Micro%205.0
  - pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2
  - pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3
  - pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP2
  - pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP3
- (no CPE) range: < 4.2.1-lp152.9.16.2
- (no CPE) range: < 5.2.0-20.1
- (no CPE) range: < 6.1.0-32.1
- (no CPE) range: < 4.2.1-lp152.9.16.1
- (no CPE) range: < 4.2.1-lp152.9.16.7
- (no CPE) range: < 4.2.1-11.22.1
- (no CPE) range: < 4.2.1-11.22.1
- (no CPE) range: < 5.2.0-20.1
- (no CPE) range: < 4.2.1-11.22.1
- (no CPE) range: < 5.2.0-20.1
References
- security.gentoo.org/glsa/202208-27 (mitre, vendor-advisory, x_refsource_GENTOO)
- www.debian.org/security/2021/dsa-4980 (mitre, vendor-advisory, x_refsource_DEBIAN)
- www.openwall.com/lists/oss-security/2021/05/31/1 (mitre, mailing-list, x_refsource_MLIST)
- bugzilla.redhat.com/show_bug.cgi (mitre, x_refsource_MISC)
- security.netapp.com/advisory/ntap-20210720-0008/ (mitre, x_refsource_CONFIRM)