Vulnerability Details : CVE-2021-3607
An integer overflow was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a "PVRDMA_REG_DSRHIGH" write from the guest due to improper input validation. This flaw allows a privileged guest user to make QEMU allocate a large amount of memory, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
Vulnerability category: OverflowDenial of service
Products affected by CVE-2021-3607
- cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-3607
0.05%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 12 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-3607
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.9
|
MEDIUM | AV:L/AC:L/Au:N/C:N/I:N/A:C |
3.9
|
6.9
|
NIST | |
6.0
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H |
1.5
|
4.0
|
NIST |
CWE ids for CVE-2021-3607
-
The product reads data past the end, or before the beginning, of the intended buffer.Assigned by: secalert@redhat.com (Secondary)
-
The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.Assigned by:
- nvd@nist.gov (Primary)
- secalert@redhat.com (Secondary)
-
The product dereferences a pointer that it expects to be valid but is NULL.Assigned by: secalert@redhat.com (Secondary)
-
The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.Assigned by: secalert@redhat.com (Secondary)
References for CVE-2021-3607
-
https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html
[SECURITY] [DLA 3099-1] qemu security updateMailing List;Third Party Advisory
-
https://lists.gnu.org/archive/html/qemu-devel/2021-06/msg07925.html
[PATCH] pvrdma: Ensure correct input on ring init (CVE-2021-3607)Mailing List;Patch;Third Party Advisory
-
https://security.netapp.com/advisory/ntap-20220318-0002/
February 2022 QEMU Vulnerabilities in NetApp Products | NetApp Product SecurityThird Party Advisory
-
https://bugzilla.redhat.com/show_bug.cgi?id=1973349
1973349 – (CVE-2021-3607) CVE-2021-3607 QEMU: pvrdma: unchecked malloc size due to integer overflow in init_dev_ring()Issue Tracking;Third Party Advisory
-
https://security.gentoo.org/glsa/202208-27
QEMU: Multiple Vulnerabilities (GLSA 202208-27) — Gentoo securityThird Party Advisory
Jump to