Related Vulnerabilities: CVE-2021-4206  

Description

A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can cause an undersized cursor object to be allocated, after which the copy into it becomes a heap-based buffer overflow. This flaw allows a malicious privileged guest user to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process.
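As an added illustration of the bug class named above (not QEMU's code, and not the patched cursor_alloc()), the functions below contrast a guest-controlled size computation that wraps with a bounded, overflow-checked version that refuses the request; the Cursor layout, the 512-pixel limit and all function names are assumptions made for this example.

```c
/* Hypothetical model of an overflow-prone cursor size computation and its
 * hardened counterpart. Written for this page; not QEMU's implementation. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

#define CURSOR_DIM_MAX 512  /* assumed sane upper bound for width and height */

typedef struct {
    uint16_t width, height; /* dimensions as supplied by the guest */
    uint32_t data[];        /* one 32-bit pixel per cell */
} Cursor;

/* Weak pattern: width * height * 4 is evaluated in 32 bits, so large
 * guest-chosen dimensions wrap. 32768 x 32768 pixels wraps to exactly 0,
 * so the object allocated from this value holds no pixel data at all while
 * the later copy still trusts the header's dimensions. */
uint32_t cursor_datasize_unchecked(uint16_t width, uint16_t height)
{
    return (uint32_t)width * (uint32_t)height * (uint32_t)sizeof(uint32_t);
}

/* Hardened pattern: reject zero or out-of-range dimensions before doing any
 * arithmetic, then compute the byte count in size_t with explicit overflow
 * checks (belt and braces; the bound alone already prevents wraparound).
 * Returns false when the request must be rejected. */
bool cursor_datasize_checked(uint16_t width, uint16_t height, size_t *out)
{
    if (width == 0 || height == 0 ||
        width > CURSOR_DIM_MAX || height > CURSOR_DIM_MAX) {
        return false;
    }
    size_t pixels;
    if (__builtin_mul_overflow((size_t)width, (size_t)height, &pixels)) {
        return false;
    }
    return !__builtin_mul_overflow(pixels, sizeof(uint32_t), out);
}

/* Allocates header plus pixel buffer only when the size was validated, so a
 * caller can never obtain an object smaller than its header claims. */
Cursor *cursor_alloc_checked(uint16_t width, uint16_t height)
{
    size_t datasize;
    if (!cursor_datasize_checked(width, height, &datasize)) {
        return NULL;
    }
    Cursor *c = malloc(sizeof(Cursor) + datasize);
    if (c) {
        c->width = width;
        c->height = height;
    }
    return c;
}
```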

Statement

Releases of Red Hat OpenStack Platform 15 and newer consume fixes directly from the Red Hat Enterprise Linux 8 Advanced Virtualization repository. A future update may address this issue in Red Hat Enterprise Linux 8 and RHEL 8 Advanced Virtualization.

Additional Information

  • Bugzilla 2036998: CVE-2021-4206 QEMU: QXL: integer overflow in cursor_alloc() can lead to heap buffer overflow
  • CWE-190->CWE-131->CWE-120: Integer Overflow or Wraparound leads to Incorrect Calculation of Buffer Size leads to Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
  • FAQ: Frequently asked questions about CVE-2021-4206