Headline
CVE-2021-3607: unchecked malloc size due to integer overflow in init_dev_ring()
An integer overflow was found in the QEMU implementation of VMWare’s paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a “PVRDMA_REG_DSRHIGH” write from the guest due to improper input validation. This flaw allows a privileged guest user to make QEMU allocate a large amount of memory, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
Bug 1973349 (CVE-2021-3607) - CVE-2021-3607 QEMU: pvrdma: unchecked malloc size due to integer overflow in init_dev_ring()
Summary: CVE-2021-3607 QEMU: pvrdma: unchecked malloc size due to integer overflow in …
Keywords:
Status:
CLOSED NOTABUG
Alias:
CVE-2021-3607
Product:
Security Response
Classification:
Other
Component:
vulnerability
Sub Component:
Version:
unspecified
Hardware:
All
OS:
Linux
Priority:
low
Severity:
low
Target Milestone:
—
Assignee:
Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
1973352
Blocks:
1973400 1962562
TreeView+
depends on / blocked
Reported:
2021-06-17 16:40 UTC by Mauro Matteo Cascella
Modified:
2022-02-16 09:46 UTC (History)
CC List:
27 users (show)
Fixed In Version:
qemu-kvm 6.1.0
Doc Type:
If docs needed, set a value
Doc Text:
An integer overflow was found in the QEMU implementation of VMWare’s paravirtual RDMA device. The issue occurs while handling a “PVRDMA_REG_DSRHIGH” write from the guest due to improper input validation. This flaw allows a privileged guest user to make QEMU allocate a large amount of memory, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
Clone Of:
Environment:
Last Closed:
2021-06-17 21:03:54 UTC
Attachments
(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)