Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

CVE-2021-3947

Related Vulnerabilities: CVE-2021-3947  

A stack-buffer-overflow was found in QEMU in the NVME component. The flaw lies in nvme_changed_nslist() where a malicious guest controlling certain input can read out of bounds memory. A malicious user could use this flaw leading to disclosure of sensitive information.

Source

Description

A stack-buffer-overflow was found in QEMU in the NVME component. The flaw lies in nvme_changed_nslist() where a malicious guest controlling certain input can read out of bounds memory. A malicious user could use this flaw leading to disclosure of sensitive information.

Statement

The qemu-kvm package as shipped with RHEL is not affected by this flaw as it does not include support for NVME emulation

The qemu-kvm package as shipped with RHEL is not affected by this flaw as it does not include support for NVME emulation

Additional Information

  • Bugzilla 2021869: CVE-2021-3947 QEMU: NVME: Arbitrary Memory Read
  • CWE-125: Out-of-bounds Read
  • FAQ: Frequently asked questions about CVE-2021-3947

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started