An integer overflow was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions before 6.1.0. The issue occurs while handling a "PVRDMA_REG_DSRHIGH" write from the guest due to improper input validation. This flaw allows a privileged guest user to make QEMU allocate a large amount of memory, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
qemu qemu |
||
debian debian linux 10.0 |
||
fedoraproject fedora 34 |