CVE-2021-3947

Published: 18/02/2022 Updated: 21/11/2023
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 187
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

A stack-buffer-overflow was found in the NVMe component of QEMU. The flaw lies in nvme_changed_nslist(), where a malicious guest controlling certain input can read out-of-bounds memory. A malicious user could use this flaw to disclose sensitive information.

Vulnerable Product

qemu qemu 6.2.0

qemu qemu

Vendor Advisories

A stack-buffer-overflow was found in QEMU in the NVME component. The flaw lies in nvme_changed_nslist() where a malicious guest controlling certain input can read out of bounds memory. A malicious user could use this flaw leading to disclosure of sensitive information ...

Github Repositories

Recursive MMIO VM Escape PoC

CVE-2021-3929-3947

VM escape PoC for CVE-2021-3929 and CVE-2021-3947. Educational purposes only. You can read the white paper for more information.

Environment

OS: Ubuntu 2110
Linux: 5130
gcc: 1120
glibc: 234
glib: 2684
QEMU: 610
Guest OS: Ubuntu 2104

Commands

Host

qemu-system-x86_64 run -machine type=q35,accel=kvm -cpu host \