CVE-2021-3608
Severity CVSS v4.0:
Pending analysis
Type:
CWE-824
Access of Uninitialized Pointer
Publication date:
24/02/2022
Last modified:
26/10/2022
Description
A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a "PVRDMA_REG_DSRHIGH" write from the guest and may result in a crash of QEMU or cause undefined behavior due to the access of an uninitialized pointer. The highest threat from this vulnerability is to system availability.
Impact
Base Score 3.x
6.00
Severity 3.x
MEDIUM
Base Score 2.0
4.90
Severity 2.0
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:* | 6.1.0 (excluding) | |
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* | ||
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page