Unrated severityNVD Advisory· Published Mar 3, 2022· Updated Aug 3, 2024

CVE-2021-3638

Description

An out-of-bounds memory access flaw was found in the ATI VGA device emulation of QEMU. This flaw occurs in the ati_2d_blt() routine while handling MMIO write operations when the guest provides invalid values for the destination display parameters. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service.

Affected products

N/A/Qemuv5
Range: Affects qemu v4.0 to v6.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTVPHLLXJ65BUMFBUUZ35F3J632SLFRK/mitrevendor-advisory
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I7J5IRXJYLELW7D43A75LOWRUE5EU54O/mitrevendor-advisory
bugzilla.redhat.com/show_bug.cgimitre
lists.nongnu.org/archive/html/qemu-devel/2021-09/msg01682.htmlmitre
security.netapp.com/advisory/ntap-20220407-0003/mitre
ubuntu.com/security/CVE-2021-3638mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000