Your submission was sent successfully! Close

CVE-2021-3607

Published: 18 June 2021

An integer overflow was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a "PVRDMA_REG_DSRHIGH" write from the guest due to improper input validation. This flaw allows a privileged guest user to make QEMU allocate a large amount of memory, resulting in a denial of service. The highest threat from this vulnerability is to system availability.

Priority

Low

CVSS 3 base score: 6.0

Status

Package Release Status
qemu
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(code not present)
focal
Released (1:4.2-3ubuntu6.17)
groovy
Released (1:5.0-5ubuntu9.9)
hirsute
Released (1:5.2+dfsg-9ubuntu3.1)
impish
Released (1:6.0+dfsg-2expubuntu1)
jammy
Released (1:6.0+dfsg-2expubuntu1)
trusty Not vulnerable
(code not present)
upstream Needs triage

xenial Not vulnerable
(code not present)