Published: 11/05/2022 Updated: 12/02/2023

CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9

CVSS v3 Base Score: 6.5 | Impact Score: 4 | Exploitability Score: 2

VMScore: 187

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P

A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. This flaw affects QEMU versions before 7.0.0.

Vulnerable Product	Search on Vulmon	Subscribe to Product
qemu qemu
redhat enterprise linux 8.0

Synopsis Moderate: qemu-kvm security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for qemu-kvm is now available for Red Hat Enterprise Linux 9Red Hat Product Security has rate ...

Debian Bug report logs - #990562 qemu: CVE-2021-3611 Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Moritz Mühlenhoff <jmm@inutilorg> Date: Fri, 2 Jul 2021 08:39:04 UTC Severity: important Tags: security, upstream Found in version qemu/1:52+d ...

A KVM guest can crash qemu-kvm (likely with a stack overflow) when the guest has been started with the intel-hda device ...

CWE-119 https://bugzilla.redhat.com/show_bug.cgi?id=1973784 https://gitlab.com/qemu-project/qemu/-/issues/542 https://security.netapp.com/advisory/ntap-20220624-0001/https://security.gentoo.org/glsa/202208-27 https://access.redhat.com/errata/RHSA-2022:7967 https://nvd.nist.gov https://security.archlinux.org/CVE-2021-3611

CVE-2021-3611

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect