Published: 13/05/2021 Updated: 07/11/2023

CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9

CVSS v3 Base Score: 6 | Impact Score: 4 | Exploitability Score: 1.5

VMScore: 187

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P

An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU up to and including qemu 4.2.0on aarch64 platform. The issue occurs because while writing an interrupt ID to the controller memory area, it is not masked to be 4 bits wide. It may lead to the said issue while updating controller state fields and their subsequent processing. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in DoS scenario.

Vulnerable Product	Search on Vulmon	Subscribe to Product
qemu qemu
redhat enterprise linux 8.0
debian debian linux 9.0
debian debian linux 10.0

A security issue was found in QEMU When using the non-default option kernel-irqchip=off, undefined behaviour can lead to a heap buffer overflow ...

CWE-125 https://lists.debian.org/debian-lts-announce/2021/02/msg00024.html https://bugzilla.redhat.com/show_bug.cgi?id=1924601 http://www.openwall.com/lists/oss-security/2021/02/05/1 https://security.netapp.com/advisory/ntap-20210708-0005/https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html https://nvd.nist.gov https://security.archlinux.org/CVE-2021-20221

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2021-20221

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect