Alpaquita LinuxStreamSecurity Advisory
Search Cve

CVE-2021-3607

Published: February 24, 2022Last modified: November 8, 2023

Description

An integer overflow was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a "PVRDMA_REG_DSRHIGH" write from the guest due to improper input validation. This flaw allows a privileged guest user to make QEMU allocate a large amount of memory, resulting in a denial of service. The highest threat from this vulnerability is to system availability.

Severity score breakdown

ParameterValue
Base score6
Attack VectorLOCAL
Attack complexityLOW
Privileges requiredHIGH
User interactionNONE
ScopeCHANGED
ConfidentialityNONE
Integrity impactNONE
Availability impactHIGH
VectorCVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

Status

ProductReleasePackageStatus
Alpaquita Linux23 LTSqemuNot affected (7.1.0-r4)
StreamqemuNot affected (8.0.4-r0)

References

ON THIS PAGE