CVE-2021-3546

Published: 02/06/2021 Updated: 25/10/2022
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9
CVSS v3 Base Score: 8.2 | Impact Score: 6 | Exploitability Score: 1.5
VMScore: 410
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

It was discovered that the QEMU vhost-user GPU device contained several security issues. An attacker inside the guest could use these issues to cause QEMU to crash, resulting in a denial of service, leak sensitive information, or possibly execute arbitrary code. This issue only affected Ubuntu 21.10. (CVE-2021-3544, CVE-2021-3545, CVE-2021-3546)

Vulnerable Product

qemu qemu

debian debian linux 11.0

Vendor Advisories

Debian Bug report logs - #989042: CVE-2021-3544 CVE-2021-3545 CVE-2021-3546. Package: qemu; Maintainer for qemu is Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>; Source for qemu is src:qemu. Reported by: Moritz Muehlenhoff <jmm@debian.org>. Date: Mon, 24 May 2021 15:18:01 UTC. Severity: ...
Several security issues were fixed in QEMU ...
Multiple security issues were discovered in QEMU, a fast processor emulator, which could result in denial of service or the execution of arbitrary code. For the stable distribution (bullseye), these problems have been fixed in version 1:5.2+dfsg-11+deb11u1. We recommend that you upgrade your qemu packages. For the detailed security status of qe ...
A flaw was found in vhost-user-gpu. An out-of-bounds write vulnerability can allow a malicious guest to crash the QEMU process on the host, resulting in a denial of service, or potentially execute arbitrary code on the host with the privileges of the QEMU process. The highest threat from this vulnerability is to data confidentiality and integrity as ...
An out-of-bounds write vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU. The flaw exists in virgl_cmd_get_capset() in contrib/vhost-user-gpu/virgl.c and could occur while processing the 'VIRTIO_GPU_CMD_GET_CAPSET' command. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a ...