Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2021-3638

UNKNOWN
Published 2022-03-03T00:00:00
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2021-3638. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

An out-of-bounds memory access flaw was found in the ATI VGA device emulation of QEMU. This flaw occurs in the ati_2d_blt() routine while handling MMIO write operations when the guest provides invalid values for the destination display parameters. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed MODERATE

GHSA-2r38-g5xg-3v7g

Advisory Details

An out-of-bounds memory access flaw was found in the ATI VGA device emulation of QEMU. This flaw occurs in the ati_2d_blt() routine while handling MMIO write operations when the guest provides invalid values for the destination display parameters. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service.

CVSS Scoring

CVSS Score

5.0

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2021-3638
WEB https://bugzilla.redhat.com/show_bug.cgi?id=1979858
WEB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTVPHLLXJ65BUMFBUUZ35F3J632SLFRK
WEB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I7J5IRXJYLELW7D43A75LOWRUE5EU54O
WEB https://lists.fedoraproject.org/archives/list/[email protected]/message/GTVPHLLXJ65BUMFBUUZ35F3J632SLFRK
WEB https://lists.fedoraproject.org/archives/list/[email protected]/message/I7J5IRXJYLELW7D43A75LOWRUE5EU54O
WEB https://lists.nongnu.org/archive/html/qemu-devel/2021-09/msg01682.html
WEB https://security.netapp.com/advisory/ntap-20220407-0003
WEB https://ubuntu.com/security/CVE-2021-3638

Advisory provided by GitHub Security Advisory Database. Published: March 5, 2022, Modified: March 17, 2022

References

https://bugzilla.redhat.com/show_bug.cgi?id=1979858
https://ubuntu.com/security/CVE-2021-3638
https://lists.nongnu.org/archive/html/qemu-devel/2021-09/msg01682.html
https://security.netapp.com/advisory/ntap-20220407-0003/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I7J5IRXJYLELW7D43A75LOWRUE5EU54O/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTVPHLLXJ65BUMFBUUZ35F3J632SLFRK/
Published: 2022-03-03T00:00:00
Last Modified: 2024-08-03T17:01:07.554Z
Copied to clipboard!