CVE-2021-3638

Published: 03/03/2022 Updated: 23/02/2023
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 6.5 | Impact Score: 4 | Exploitability Score: 2
VMScore: 187
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

An out-of-bounds memory access flaw was found in the ATI VGA device emulation of QEMU. This flaw occurs in the ati_2d_blt() routine while handling MMIO write operations when the guest provides invalid values for the destination display parameters. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service.

Vulnerable Product

qemu qemu

fedoraproject fedora 36

fedoraproject fedora 37

Vendor Advisories

Debian Bug report logs - #992726 qemu: CVE-2021-3638. Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sun, 22 Aug 2021 18:45:02 UTC; Severity: important; Tags: security, upstream; Found in version qemu/1: ...
Multiple security issues were discovered in QEMU, a fast processor emulator, which could result in denial of service or the execution of arbitrary code. For the stable distribution (bullseye), these problems have been fixed in version 1:5.2+dfsg-11+deb11u1. We recommend that you upgrade your qemu packages. For the detailed security status of qe ...
An out-of-bounds memory access security issue was found in the ATI VGA device emulation of QEMU. This flaw occurs in the ati_2d_blt() routine while handling MMIO write operations when the guest provides invalid values for the destination display parameters. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a ...