Vulnerability Details : CVE-2021-3607
An integer overflow was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a "PVRDMA_REG_DSRHIGH" write from the guest due to improper input validation. This flaw allows a privileged guest user to make QEMU allocate a large amount of memory, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
Vulnerability category: OverflowDenial of service
Exploit prediction scoring system (EPSS) score for CVE-2021-3607
Probability of exploitation activity in the next 30 days: 0.05%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 12 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2021-3607
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
4.9
|
MEDIUM | AV:L/AC:L/Au:N/C:N/I:N/A:C |
3.9
|
6.9
|
NIST |
|
6.0
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H |
1.5
|
4.0
|
NIST |
CWE ids for CVE-2021-3607
-
The product reads data past the end, or before the beginning, of the intended buffer.Assigned by: secalert@redhat.com (Secondary)
-
The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.Assigned by:
- nvd@nist.gov (Primary)
- secalert@redhat.com (Secondary)
-
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.Assigned by: secalert@redhat.com (Secondary)
-
The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.Assigned by: secalert@redhat.com (Secondary)
References for CVE-2021-3607
-
https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html
[SECURITY] [DLA 3099-1] qemu security updateMailing List;Third Party Advisory
-
https://lists.gnu.org/archive/html/qemu-devel/2021-06/msg07925.html
[PATCH] pvrdma: Ensure correct input on ring init (CVE-2021-3607)Mailing List;Patch;Third Party Advisory
-
https://security.netapp.com/advisory/ntap-20220318-0002/
February 2022 QEMU Vulnerabilities in NetApp Products | NetApp Product SecurityThird Party Advisory
-
https://bugzilla.redhat.com/show_bug.cgi?id=1973349
1973349 – (CVE-2021-3607) CVE-2021-3607 QEMU: pvrdma: unchecked malloc size due to integer overflow in init_dev_ring()Issue Tracking;Third Party Advisory
-
https://security.gentoo.org/glsa/202208-27
QEMU: Multiple Vulnerabilities (GLSA 202208-27) — Gentoo securityThird Party Advisory
Products affected by CVE-2021-3607
- cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*