Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

CVE-2021-3545

Related Vulnerabilities: CVE-2021-3545  

An information disclosure vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU. The flaw exists in virgl_cmd_get_capset_info() in contrib/vhost-user-gpu/virgl.c and could occur due to the read of uninitialized memory. A malicious guest could exploit this issue to leak memory from the host.

Source

Description

An information disclosure vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU. The flaw exists in virgl_cmd_get_capset_info() in contrib/vhost-user-gpu/virgl.c and could occur due to the read of uninitialized memory. A malicious guest could exploit this issue to leak memory from the host.

Additional Information

  • Bugzilla 1958955: CVE-2021-3545 QEMU: vhost-user-gpu: information disclosure due to uninitialized memory read
  • CWE-908->CWE-200: Use of Uninitialized Resource leads to Exposure of Sensitive Information to an Unauthorized Actor
  • FAQ: Frequently asked questions about CVE-2021-3545

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started