Your submission was sent successfully! Close

CVE-2021-3582

Published: 18 June 2021

A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. The issue occurs while handling a "PVRDMA_CMD_CREATE_MR" command due to improper memory remapping (mremap). This flaw allows a malicious guest to crash the QEMU process on the host. The highest threat from this vulnerability is to system availability.

Priority

Medium

CVSS 3 base score: 6.5

Status

Package Release Status
qemu
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(code not present)
focal
Released (1:4.2-3ubuntu6.17)
groovy
Released (1:5.0-5ubuntu9.9)
hirsute
Released (1:5.2+dfsg-9ubuntu3.1)
impish
Released (1:6.0+dfsg-2expubuntu1)
jammy
Released (1:6.0+dfsg-2expubuntu1)
trusty Not vulnerable
(code not present)
upstream Needs triage

xenial Not vulnerable
(code not present)
Patches:
upstream: https://git.qemu.org/?p=qemu.git;a=commit;h=284f191b4abad213aed04cb0458e1600fd18d7c4