CVE-2021-3546 : An out-of-bounds write vulnerability was found in the virtio vhost-user GPU devi

An out-of-bounds write vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. The flaw occurs while processing the 'VIRTIO_GPU_CMD_GET_CAPSET' command from the guest. It could allow a privileged guest user to crash the QEMU process on the host, resulting in a denial of service condition, or potential code execution with the privileges of the QEMU process.

Published 2021-06-02 14:15:11

Updated 2022-10-25 20:27:43

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: Memory CorruptionDenial of service

Products affected by CVE-2021-3546

Debian » Debian Linux » Version: 11.0
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
Matching versions
Qemu » Qemu
Versions up to, including, (<=) 6.0.0
cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2021-3546

EPSS FAQ

0.07%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 20 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2021-3546

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.6	MEDIUM	AV:L/AC:L/Au:N/C:P/I:P/A:P	3.9	6.4	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
8.2	HIGH	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H	1.5	6.0	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Changed Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2021-3546

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.
Assigned by:
- nvd@nist.gov (Primary)
- secalert@redhat.com (Secondary)

References for CVE-2021-3546

http://www.openwall.com/lists/oss-security/2021/05/31/1

oss-security - QEMU: security issues in vhost-user-gpu
Mailing List;Third Party Advisory

CVEs referencing this url
https://bugzilla.redhat.com/show_bug.cgi?id=1958978

1958978 – (CVE-2021-3546) CVE-2021-3546 QEMU: vhost-user-gpu: out-of-bounds write in virgl_cmd_get_capset()
Issue Tracking;Third Party Advisory
https://security.netapp.com/advisory/ntap-20210720-0008/

June 2021 QEMU Vulnerabilities in NetApp Products | NetApp Product Security
Third Party Advisory

CVEs referencing this url
https://www.debian.org/security/2021/dsa-4980

Debian -- Security Information -- DSA-4980-1 qemu
Third Party Advisory

CVEs referencing this url
https://security.gentoo.org/glsa/202208-27

QEMU: Multiple Vulnerabilities (GLSA 202208-27) — Gentoo security
Third Party Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2021-3546

Products affected by CVE-2021-3546

Exploit prediction scoring system (EPSS) score for CVE-2021-3546

CVSS scores for CVE-2021-3546

CWE ids for CVE-2021-3546

References for CVE-2021-3546