CVE-2021-3930: off-by-one error in mode_sense_page() in hw/scsi/scsi-disk.c

Bug 2020588 (CVE-2021-3930) - CVE-2021-3930 QEMU: off-by-one error in mode_sense_page() in hw/scsi/scsi-disk.c

Summary: CVE-2021-3930 QEMU: off-by-one error in mode_sense_page() in hw/scsi/scsi-disk.c

Keywords:

Status:

CLOSED ERRATA

Alias:

CVE-2021-3930

Product:

Security Response

Classification:

Other

Component:

vulnerability

Sub Component:

Version:

unspecified

Hardware:

All

OS:

Linux

Priority:

low

Severity:

low

Target Milestone:

—

Assignee:

Red Hat Product Security

QA Contact:

Docs Contact:

URL:

Whiteboard:

Depends On:

2020598 2020599 2020720 2020721 2020722 2020723 2025605 2025607 2025608

Blocks:

2020383

TreeView+

depends on / blocked

Reported:

2021-11-05 10:33 UTC by Mauro Matteo Cascella

Modified:

2022-01-11 17:00 UTC (History)

CC List:

30 users (show)

Fixed In Version:

qemu-kvm 6.2.0-rc0

Doc Type:

If docs needed, set a value

Doc Text:

An off-by-one error was found in the SCSI device emulation in QEMU. It could occur while processing MODE SELECT commands in mode_sense_page() if the ‘page’ argument was set to MODE_PAGE_ALLS (0x3f). A malicious guest could use this flaw to potentially crash QEMU, resulting in a denial of service condition.

Clone Of:

Environment:

Last Closed:

2022-01-11 17:00:42 UTC

Attachments

(Terms of Use)

Add an attachment (proposed patch, testcase, etc.)

Links

System

ID

Private

Priority

Status

Summary

Last Updated

Red Hat Product Errata

RHSA-2021:5065

0

None

None

None

2021-12-09 18:27:35 UTC

Red Hat Product Errata

RHSA-2021:5238

0

None

None

None

2021-12-21 09:59:14 UTC

Red Hat Product Errata

RHSA-2022:0081

0

None

None

None

2022-01-11 16:02:16 UTC