CVE-2021-3608

Severity CVSS v4.0:
Pending analysis
Type:
CWE-824 Access of Uninitialized Pointer
Publication date:
24/02/2022
Last modified:
26/10/2022

Description

A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a "PVRDMA_REG_DSRHIGH" write from the guest and may result in a crash of QEMU or cause undefined behavior due to the access of an uninitialized pointer. The highest threat from this vulnerability is to system availability.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:* 6.1.0 (excluding)
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*