Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.5
CVSSv3

CVE-2021-3545

Published: 02/06/2021 Updated: 07/11/2023
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 6.5 | Impact Score: 4 | Exploitability Score: 2
VMScore: 188
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Subscribe to Qemu

Vulnerability Summary

It exists that the QEMU vhost-user GPU device contained several security issues. An attacker inside the guest could use these issues to cause QEMU to crash, resulting in a denial of service, leak sensitive information, or possibly execute arbitrary code. This issue only affected Ubuntu 21.10. (CVE-2021-3544, CVE-2021-3545, CVE-2021-3546)

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

qemu qemu

debian debian linux 11.0

Vendor Advisories

Debian CVElist Bug Report Logs: CVE-2021-3544 CVE-2021-3545 CVE-2021-3546
Debian Bug report logs - #989042 CVE-2021-3544 CVE-2021-3545 CVE-2021-3546 Package: qemu; Maintainer for qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Source for qemu is src:qemu (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Mon, 24 May 2021 15:18:01 UTC Severity: ...
Ubuntu Security Notice: USN-5307-1: QEMU vulnerabilities
Several security issues were fixed in QEMU ...
Debian Security Advisories: DSA-4980-1 qemu -- security update
Multiple security issues were discovered in QEMU, a fast processor emulator, which could result in denial of service or the the execution of arbitrary code For the stable distribution (bullseye), these problems have been fixed in version 1:52+dfsg-11+deb11u1 We recommend that you upgrade your qemu packages For the detailed security status of qe ...
Red Hat: CVE-2021-3545
An information disclosure vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU The flaw exists in virgl_cmd_get_capset_info() in contrib/vhost-user-gpu/virglc and could occur due to the read of uninitialized memory A malicious guest could exploit this issue to leak memory from the host ...
Arch Linux Issues:
An information disclosure vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU The flaw exists in virgl_cmd_get_capset_info() in contrib/vhost-user-gpu/virglc and could occur due to the read of uninitialized memory A malicious guest could exploit this issue to leak memory from the host ...

References

CWE-908https://bugzilla.redhat.com/show_bug.cgi?id=1958955http://www.openwall.com/lists/oss-security/2021/05/31/1https://security.netapp.com/advisory/ntap-20210720-0008/https://www.debian.org/security/2021/dsa-4980https://security.gentoo.org/glsa/202208-27https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989042https://ubuntu.com/security/notices/USN-5307-1https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypassCVE-2024-30051remoteCVE-2024-27954CVE-2023-51483CVE-2023-47782SSRFCVE-2024-24715CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook