Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!Close

CVE-2021-3546

Published: 2 June 2021

An out-of-bounds write vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. The flaw occurs while processing the 'VIRTIO_GPU_CMD_GET_CAPSET' command from the guest. It could allow a privileged guest user to crash the QEMU process on the host, resulting in a denial of service condition, or potential code execution with the privileges of the QEMU process.

Notes

AuthorNote
mdeslaur 
same commits as CVE-2021-3544

Priority

Medium

Cvss 3 Severity Score

8.2

Score breakdown

Status

Package Release Status
qemu
Launchpad, Ubuntu, Debian 		bionic Not vulnerable
(code not present)
focal
Released (1:4.2-3ubuntu6.17)
groovy
Released (1:5.0-5ubuntu9.9)
hirsute
Released (1:5.2+dfsg-9ubuntu3.1)
jammy
Released (1:6.2+dfsg-2ubuntu5)
trusty Not vulnerable
(code not present)
upstream Needs triage

xenial Not vulnerable
(code not present)
impish
Released (1:6.0+dfsg-2expubuntu1.2)
Patches:
upstream: https://git.qemu.org/?p=qemu.git;a=commit;h=121841b25d72d13f8cad554363138c360f1250ea
upstream: https://git.qemu.org/?p=qemu.git;a=commit;h=86dd8fac2acc366930a5dc08d3fb1b1e816f4e1e
upstream: https://git.qemu.org/?p=qemu.git;a=commit;h=b9f79858a614d95f5de875d0ca31096eaab72c3b
upstream: https://git.qemu.org/?p=qemu.git;a=commit;h=b7afebcf9e6ecf3cf9b5a9b9b731ed04bca6aa3e
upstream: https://git.qemu.org/?p=qemu.git;a=commit;h=f6091d86ba9ea05f4e111b9b42ee0005c37a6779
upstream: https://git.qemu.org/?p=qemu.git;a=commit;h=63736af5a6571d9def93769431e0d7e38c6677bf
upstream: https://git.qemu.org/?p=qemu.git;a=commit;h=9f22893adcb02580aee5968f32baa2cd109b3ec2
upstream: https://git.qemu.org/?p=qemu.git;a=commit;h=3ea32d1355d446057c17458238db2749c52ee8f0
qemu-kvm
Launchpad, Ubuntu, Debian 		bionic Does not exist

focal Does not exist

groovy Does not exist

hirsute Does not exist

impish Does not exist

jammy Does not exist

trusty Does not exist

upstream Needs triage

xenial Does not exist

Severity score breakdown

Parameter Value
Base score 8.2
Attack vector Local
Attack complexity Low
Privileges required High
User interaction None
Scope Changed
Confidentiality High
Integrity impact High
Availability impact High
Vector CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

References

Bugs

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading