Related Vulnerabilities: CVE-2021-4207  

Description

A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values `cursor->header.width` and `cursor->header.height` can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. A malicious privileged guest user could use this flaw to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process.
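The double fetch described above is a time-of-check/time-of-use pattern: the host reads a guest-controlled header once to size an allocation and again to drive the copy, and a guest write landing between the two reads makes the copy larger than the buffer. The C below is an added illustration, not QEMU code and not the QXL cursor layout; the `guest_cursor_t` struct, the `MAX_DIM` limit and the `race` callback that stands in for a concurrent guest write are all constructed for the demo. The vulnerable variant clamps its copy and reports the size mismatch instead of overflowing, so the program stays memory-safe; the hardened variant snapshots the header into host-private locals and derives both allocation and copy length from that single fetch.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum { MAX_DIM = 64 };  /* constructed limit for the demo, not a QXL constant */

/* Constructed stand-in for guest-writable shared memory (not QEMU's layout).
 * The header fields are volatile to model a guest rewriting them at any time. */
typedef struct {
    volatile uint32_t width;
    volatile uint32_t height;
    uint8_t data[MAX_DIM * MAX_DIM];
} guest_cursor_t;

typedef struct {
    int ok;             /* 1 if a host cursor object was produced */
    int size_mismatch;  /* 1 if the second header fetch disagreed with the first */
    size_t alloc_bytes; /* bytes allocated for the pixel buffer */
    size_t copy_bytes;  /* bytes the copy step wanted to write */
    uint8_t *pixels;    /* caller frees */
} load_result_t;

/* Simulated concurrent guest write, invoked between the host's two fetches. */
typedef void (*guest_write_fn)(guest_cursor_t *g);

static int dims_valid(uint32_t w, uint32_t h) {
    return w != 0 && h != 0 && w <= MAX_DIM && h <= MAX_DIM;
}

/* Vulnerable pattern: the header is fetched twice from guest memory.
 * Fetch 1 sizes the allocation; fetch 2 sizes the copy. If the guest changes
 * width/height in between, copy_bytes exceeds alloc_bytes. A real memcpy of
 * copy_bytes here is the heap overflow; this demo clamps it and flags the
 * mismatch so the program remains memory-safe. */
load_result_t cursor_load_double_fetch(guest_cursor_t *g, guest_write_fn race) {
    load_result_t r = {0};
    if (!dims_valid(g->width, g->height)) return r;      /* fetch 1 (check) */
    r.alloc_bytes = (size_t)g->width * g->height;        /* fetch 1 (size) */
    r.pixels = malloc(r.alloc_bytes);
    if (!r.pixels) return r;
    if (race) race(g);                                   /* guest write lands here */
    r.copy_bytes = (size_t)g->width * g->height;         /* fetch 2 (use) */
    r.size_mismatch = r.copy_bytes != r.alloc_bytes;
    memcpy(r.pixels, g->data,
           r.copy_bytes < r.alloc_bytes ? r.copy_bytes : r.alloc_bytes);
    r.ok = 1;
    return r;
}

/* Hardened pattern: fetch the header once into host-private storage, validate
 * the snapshot, and derive every later size from the snapshot only. The guest
 * may still rewrite shared memory, but nothing the host uses changes. */
load_result_t cursor_load_single_fetch(guest_cursor_t *g, guest_write_fn race) {
    load_result_t r = {0};
    uint32_t width = g->width;    /* single fetch */
    uint32_t height = g->height;  /* single fetch */
    if (!dims_valid(width, height)) return r;
    r.alloc_bytes = (size_t)width * height;
    r.pixels = malloc(r.alloc_bytes);
    if (!r.pixels) return r;
    if (race) race(g);            /* same guest write, now harmless */
    r.copy_bytes = r.alloc_bytes; /* from the same local values */
    memcpy(r.pixels, g->data, r.copy_bytes);
    r.ok = 1;
    return r;
}

/* Constructed guest behaviour: grow the cursor to the maximum after the
 * host has already sized its allocation. */
void grow_header(guest_cursor_t *g) {
    g->width = MAX_DIM;
    g->height = MAX_DIM;
}

/* Helper to build a constructed guest cursor (heap-allocated, caller frees). */
guest_cursor_t *make_guest_cursor(uint32_t w, uint32_t h, uint8_t fill) {
    guest_cursor_t *g = calloc(1, sizeof *g);
    if (!g) return NULL;
    g->width = w;
    g->height = h;
    memset(g->data, fill, sizeof g->data);
    return g;
}

int main(void) {
    guest_cursor_t *g = make_guest_cursor(4, 4, 0xAB);
    load_result_t a = cursor_load_double_fetch(g, grow_header);
    printf("double fetch: alloc=%zu copy=%zu mismatch=%d\n",
           a.alloc_bytes, a.copy_bytes, a.size_mismatch);
    free(a.pixels);
    g->width = 4; g->height = 4;
    load_result_t b = cursor_load_single_fetch(g, grow_header);
    printf("single fetch: alloc=%zu copy=%zu mismatch=%d\n",
           b.alloc_bytes, b.copy_bytes, b.size_mismatch);
    free(b.pixels);
    free(g);
    return 0;
}
```

With a 4x4 header and the guest growing it to 64x64 between fetches, the double-fetch loader allocates 16 bytes but wants to copy 4096; the single-fetch loader allocates and copies 16 bytes regardless of what the guest writes afterwards. The same snapshot-then-validate discipline applies to any header or descriptor a device model reads from guest memory.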

Statement

Releases of Red Hat OpenStack Platform 15 and newer consume fixes directly from the Red Hat Enterprise Linux 8 Advanced Virtualization repository. A future update may address this issue in Red Hat Enterprise Linux 8 and RHEL 8 Advanced Virtualization.

Additional Information

  • Bugzilla 2036966: CVE-2021-4207 QEMU: QXL: double fetch in qxl_cursor() can lead to heap buffer overflow
  • CWE-362->CWE-120: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') leads to Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
  • FAQ: Frequently asked questions about CVE-2021-4207