Your submission was sent successfully! Close

CVE-2021-3611

Published: 11 May 2022

A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. This flaw affects QEMU versions prior to 7.0.0.

Priority

Low

CVSS 3 base score: 6.5

Status

Package Release Status
qemu
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(1:2.11+dfsg-1ubuntu7.36)
focal Not vulnerable
(1:4.2-3ubuntu6.16)
groovy Ignored
(reached end-of-life)
hirsute Ignored
(reached end-of-life)
impish Needed

jammy Needed

trusty Not vulnerable

upstream Needs triage

xenial Not vulnerable

Notes

AuthorNote
mdeslaur
introduced in 5.0.0-rc0 by:
https://git.qemu.org/?p=qemu.git;a=commit;h=a9d8ba2be58e067bdfbff830eb9ff438d8db7f10

Part of the DMA reentrancy issues.
Fixing this requires backporting the 22 DMA changes listed
below.

References

Bugs