Published: 25/02/2021 Updated: 30/09/2022

CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9

CVSS v3 Base Score: 3.2 | Impact Score: 1.4 | Exploitability Score: 1.5

VMScore: 187

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P

It exists that the QEMU vhost-user GPU device contained several security issues. An attacker inside the guest could use these issues to cause QEMU to crash, resulting in a denial of service, leak sensitive information, or possibly execute arbitrary code. This issue only affected Ubuntu 21.10. (CVE-2021-3544, CVE-2021-3545, CVE-2021-3546)

Vulnerable Product	Search on Vulmon	Subscribe to Product
qemu qemu
fedoraproject fedora 33
debian debian linux 9.0
debian debian linux 10.0

Debian Bug report logs - #984452 CVE-2021-20203 Package: qemu; Maintainer for qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Source for qemu is src:qemu (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Wed, 3 Mar 2021 19:21:09 UTC Severity: normal Tags: security, upst ...

Several security issues were fixed in QEMU ...

An integer overflow issue was found in the vmxnet3 NIC emulator of the QEMU It may occur if a guest was to supply invalid values for rx/tx queue size or other NIC parameters A privileged guest user may use this flaw to crash the QEMU process on the host resulting in a denial of service scenario ...

CWE-190 CWE-190 https://bugzilla.redhat.com/show_bug.cgi?id=1922441 https://bugs.launchpad.net/qemu/+bug/1913873 https://lists.debian.org/debian-lts-announce/2021/04/msg00009.html https://security.gentoo.org/glsa/202208-27 https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984452 https://ubuntu.com/security/notices/USN-5307-1 https://nvd.nist.gov

CVE-2021-20203

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect