Published: 26/05/2021 Updated: 12/02/2023

CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9

CVSS v3 Base Score: 6.5 | Impact Score: 4 | Exploitability Score: 2

VMScore: 187

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P

It exists that the QEMU vhost-user GPU device contained several security issues. An attacker inside the guest could use these issues to cause QEMU to crash, resulting in a denial of service, leak sensitive information, or possibly execute arbitrary code. This issue only affected Ubuntu 21.10. (CVE-2021-3544, CVE-2021-3545, CVE-2021-3546)

Vulnerable Product	Search on Vulmon	Subscribe to Product
qemu qemu 5.2.0
debian debian linux 9.0
debian debian linux 10.0

Debian Bug report logs - #984453 CVE-2021-20196 Package: qemu; Maintainer for qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Source for qemu is src:qemu (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Wed, 3 Mar 2021 19:27:02 UTC Severity: normal Tags: security, upst ...

Several security issues were fixed in QEMU ...

Synopsis Low: virt:av and virt-devel:av security and bug fix update Type/Severity Security Advisory: Low Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for the virt:av and virt-devel:av modules is now available for Red Hat Enterprise Linux Advanced Virt ...

Synopsis Moderate: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for the virt:rhel and virt-devel:rhel modules is now available for Red Ha ...

A NULL pointer dereference flaw was found in the floppy disk emulator of QEMU This issue occurs while processing read/write ioport commands if the selected floppy drive is not initialized with a block device This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service The highest threat from th ...

A NULL pointer dereference issue was found in the Floppy disk emulator of QEMU It could occur while processing read/write ioport commands, if the selected Floppy drive is not initialised with a block device A privileged guest user could use this flaw to crash the QEMU process on the host resulting in a denial of service scenario ...

CWE-476 https://bugs.launchpad.net/qemu/+bug/1912780 https://www.openwall.com/lists/oss-security/2021/01/28/1 https://security.netapp.com/advisory/ntap-20210708-0004/https://lists.debian.org/debian-lts-announce/2022/04/msg00002.html https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984453 https://ubuntu.com/security/notices/USN-5307-1 https://nvd.nist.gov

CVE-2021-20196

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect