A stack-buffer-overflow was found in QEMU in the NVME component. The flaw lies in nvme_changed_nslist() where a malicious guest controlling certain input can read out of bounds memory. A malicious user could use this flaw leading to disclosure of sensitive information.

Related CVEs

CVE-2021-3947

Key Information

GHSA ID

GHSA-435p-4r6f-2842

Published

February 19, 2022 12:01 AM

Last Modified

March 17, 2022 12:05 AM

CVSS Score

5.0 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: June 15, 2025 6:24 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.