Published: 26/05/2021 Updated: 12/02/2023

CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9

CVSS v3 Base Score: 6.5 | Impact Score: 4 | Exploitability Score: 2

VMScore: 187

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P

It exists that the QEMU vhost-user GPU device contained several security issues. An attacker inside the guest could use these issues to cause QEMU to crash, resulting in a denial of service, leak sensitive information, or possibly execute arbitrary code. This issue only affected Ubuntu 21.10. (CVE-2021-3544, CVE-2021-3545, CVE-2021-3546)

Vulnerable Product	Search on Vulmon	Subscribe to Product
qemu qemu 5.2.0
debian debian linux 9.0
debian debian linux 10.0

Several security issues were fixed in QEMU ...

Debian Bug report logs - #984453 CVE-2021-20196 Package: qemu; Maintainer for qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Source for qemu is src:qemu (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Wed, 3 Mar 2021 19:27:02 UTC Severity: normal Tags: security, upst ...

Synopsis Low: virt:av and virt-devel:av security and bug fix update Type/Severity Security Advisory: Low Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for the virt:av and virt-devel:av modules is now available for Red Hat Enterprise Linux Advanced Virt ...

Synopsis Moderate: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for the virt:rhel and virt-devel:rhel modules is now available for Red Ha ...

A NULL pointer dereference flaw was found in the floppy disk emulator of QEMU This issue occurs while processing read/write ioport commands if the selected floppy drive is not initialized with a block device This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service The highest threat from th ...

A NULL pointer dereference issue was found in the Floppy disk emulator of QEMU It could occur while processing read/write ioport commands, if the selected Floppy drive is not initialised with a block device A privileged guest user could use this flaw to crash the QEMU process on the host resulting in a denial of service scenario ...

CWE-476 https://bugs.launchpad.net/qemu/+bug/1912780 https://www.openwall.com/lists/oss-security/2021/01/28/1 https://security.netapp.com/advisory/ntap-20210708-0004/https://lists.debian.org/debian-lts-announce/2022/04/msg00002.html https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html https://ubuntu.com/security/notices/USN-5307-1 https://nvd.nist.gov

CVE-2021-20196

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect