vulnerability
Red Hat: CVE-2021-20221: CVE-2021-20221 qemu: out-of-bound heap buffer access via an interrupt ID field (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 2 | (AV:L/AC:L/Au:N/C:N/I:N/A:P) | 04/07/2021 | 04/09/2021 | 12/15/2023 |
Severity
2
CVSS
(AV:L/AC:L/Au:N/C:N/I:N/A:P)
Published
04/07/2021
Added
04/09/2021
Modified
12/15/2023
Description
An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU up to and including qemu 4.2.0on aarch64 platform. The issue occurs because while writing an interrupt ID to the controller memory area, it is not masked to be 4 bits wide. It may lead to the said issue while updating controller state fields and their subsequent processing. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in DoS scenario.
Solution(s)
redhat-upgrade-hivexredhat-upgrade-hivex-debuginforedhat-upgrade-hivex-debugsourceredhat-upgrade-hivex-develredhat-upgrade-libguestfsredhat-upgrade-libguestfs-bash-completionredhat-upgrade-libguestfs-benchmarkingredhat-upgrade-libguestfs-benchmarking-debuginforedhat-upgrade-libguestfs-debuginforedhat-upgrade-libguestfs-debugsourceredhat-upgrade-libguestfs-develredhat-upgrade-libguestfs-gfs2redhat-upgrade-libguestfs-gobjectredhat-upgrade-libguestfs-gobject-debuginforedhat-upgrade-libguestfs-gobject-develredhat-upgrade-libguestfs-inspect-iconsredhat-upgrade-libguestfs-javaredhat-upgrade-libguestfs-java-debuginforedhat-upgrade-libguestfs-java-develredhat-upgrade-libguestfs-javadocredhat-upgrade-libguestfs-man-pages-jaredhat-upgrade-libguestfs-man-pages-ukredhat-upgrade-libguestfs-rescueredhat-upgrade-libguestfs-rsyncredhat-upgrade-libguestfs-toolsredhat-upgrade-libguestfs-tools-credhat-upgrade-libguestfs-tools-c-debuginforedhat-upgrade-libguestfs-winsupportredhat-upgrade-libguestfs-xfsredhat-upgrade-libiscsiredhat-upgrade-libiscsi-debuginforedhat-upgrade-libiscsi-debugsourceredhat-upgrade-libiscsi-develredhat-upgrade-libiscsi-utilsredhat-upgrade-libiscsi-utils-debuginforedhat-upgrade-libnbdredhat-upgrade-libnbd-debuginforedhat-upgrade-libnbd-debugsourceredhat-upgrade-libnbd-develredhat-upgrade-libvirtredhat-upgrade-libvirt-adminredhat-upgrade-libvirt-admin-debuginforedhat-upgrade-libvirt-bash-completionredhat-upgrade-libvirt-clientredhat-upgrade-libvirt-client-debuginforedhat-upgrade-libvirt-daemonredhat-upgrade-libvirt-daemon-config-networkredhat-upgrade-libvirt-daemon-config-nwfilterredhat-upgrade-libvirt-daemon-debuginforedhat-upgrade-libvirt-daemon-driver-interfaceredhat-upgrade-libvirt-daemon-driver-interface-debuginforedhat-upgrade-libvirt-daemon-driver-networkredhat-upgrade-libvirt-daemon-driver-network-debuginforedhat-upgrade-libvirt-daemon-driver-nodedevredhat-upgrade-libvirt-daemon-driver-nodedev-debuginforedhat-upgrade-libvirt-daemon-driver-nwfilterredhat-upgrade-libvirt-daemon-driver-nwfilter-debuginforedhat-upgrade-libvirt-daemon-driver-qemuredhat-upgrade-libvirt-daemon-driver-qemu-debuginforedhat-upgrade-libvirt-daemon-driver-secretredhat-upgrade-libvirt-daemon-driver-secret-debuginforedhat-upgrade-libvirt-daemon-driver-storageredhat-upgrade-libvirt-daemon-driver-storage-coreredhat-upgrade-libvirt-daemon-driver-storage-core-debuginforedhat-upgrade-libvirt-daemon-driver-storage-diskredhat-upgrade-libvirt-daemon-driver-storage-disk-debuginforedhat-upgrade-libvirt-daemon-driver-storage-glusterredhat-upgrade-libvirt-daemon-driver-storage-gluster-debuginforedhat-upgrade-libvirt-daemon-driver-storage-iscsiredhat-upgrade-libvirt-daemon-driver-storage-iscsi-debuginforedhat-upgrade-libvirt-daemon-driver-storage-iscsi-directredhat-upgrade-libvirt-daemon-driver-storage-iscsi-direct-debuginforedhat-upgrade-libvirt-daemon-driver-storage-logicalredhat-upgrade-libvirt-daemon-driver-storage-logical-debuginforedhat-upgrade-libvirt-daemon-driver-storage-mpathredhat-upgrade-libvirt-daemon-driver-storage-mpath-debuginforedhat-upgrade-libvirt-daemon-driver-storage-rbdredhat-upgrade-libvirt-daemon-driver-storage-rbd-debuginforedhat-upgrade-libvirt-daemon-driver-storage-scsiredhat-upgrade-libvirt-daemon-driver-storage-scsi-debuginforedhat-upgrade-libvirt-daemon-kvmredhat-upgrade-libvirt-dbusredhat-upgrade-libvirt-dbus-debuginforedhat-upgrade-libvirt-dbus-debugsourceredhat-upgrade-libvirt-debuginforedhat-upgrade-libvirt-debugsourceredhat-upgrade-libvirt-develredhat-upgrade-libvirt-docsredhat-upgrade-libvirt-libsredhat-upgrade-libvirt-libs-debuginforedhat-upgrade-libvirt-lock-sanlockredhat-upgrade-libvirt-lock-sanlock-debuginforedhat-upgrade-libvirt-nssredhat-upgrade-libvirt-nss-debuginforedhat-upgrade-libvirt-python-debugsourceredhat-upgrade-lua-guestfsredhat-upgrade-lua-guestfs-debuginforedhat-upgrade-nbdfuseredhat-upgrade-nbdfuse-debuginforedhat-upgrade-nbdkitredhat-upgrade-nbdkit-bash-completionredhat-upgrade-nbdkit-basic-filtersredhat-upgrade-nbdkit-basic-filters-debuginforedhat-upgrade-nbdkit-basic-pluginsredhat-upgrade-nbdkit-basic-plugins-debuginforedhat-upgrade-nbdkit-curl-pluginredhat-upgrade-nbdkit-curl-plugin-debuginforedhat-upgrade-nbdkit-debuginforedhat-upgrade-nbdkit-debugsourceredhat-upgrade-nbdkit-develredhat-upgrade-nbdkit-example-pluginsredhat-upgrade-nbdkit-example-plugins-debuginforedhat-upgrade-nbdkit-gzip-pluginredhat-upgrade-nbdkit-gzip-plugin-debuginforedhat-upgrade-nbdkit-linuxdisk-pluginredhat-upgrade-nbdkit-linuxdisk-plugin-debuginforedhat-upgrade-nbdkit-python-pluginredhat-upgrade-nbdkit-python-plugin-debuginforedhat-upgrade-nbdkit-serverredhat-upgrade-nbdkit-server-debuginforedhat-upgrade-nbdkit-ssh-pluginredhat-upgrade-nbdkit-ssh-plugin-debuginforedhat-upgrade-nbdkit-vddk-pluginredhat-upgrade-nbdkit-vddk-plugin-debuginforedhat-upgrade-nbdkit-xz-filterredhat-upgrade-nbdkit-xz-filter-debuginforedhat-upgrade-netcfredhat-upgrade-netcf-debuginforedhat-upgrade-netcf-debugsourceredhat-upgrade-netcf-develredhat-upgrade-netcf-libsredhat-upgrade-netcf-libs-debuginforedhat-upgrade-ocaml-hivexredhat-upgrade-ocaml-hivex-debuginforedhat-upgrade-ocaml-hivex-develredhat-upgrade-ocaml-libguestfsredhat-upgrade-ocaml-libguestfs-debuginforedhat-upgrade-ocaml-libguestfs-develredhat-upgrade-ocaml-libnbdredhat-upgrade-ocaml-libnbd-debuginforedhat-upgrade-ocaml-libnbd-develredhat-upgrade-perl-hivexredhat-upgrade-perl-hivex-debuginforedhat-upgrade-perl-sys-guestfsredhat-upgrade-perl-sys-guestfs-debuginforedhat-upgrade-perl-sys-virtredhat-upgrade-perl-sys-virt-debuginforedhat-upgrade-perl-sys-virt-debugsourceredhat-upgrade-python3-hivexredhat-upgrade-python3-hivex-debuginforedhat-upgrade-python3-libguestfsredhat-upgrade-python3-libguestfs-debuginforedhat-upgrade-python3-libnbdredhat-upgrade-python3-libnbd-debuginforedhat-upgrade-python3-libvirtredhat-upgrade-python3-libvirt-debuginforedhat-upgrade-qemu-guest-agentredhat-upgrade-qemu-guest-agent-debuginforedhat-upgrade-qemu-imgredhat-upgrade-qemu-img-debuginforedhat-upgrade-qemu-kvmredhat-upgrade-qemu-kvm-block-curlredhat-upgrade-qemu-kvm-block-curl-debuginforedhat-upgrade-qemu-kvm-block-glusterredhat-upgrade-qemu-kvm-block-gluster-debuginforedhat-upgrade-qemu-kvm-block-iscsiredhat-upgrade-qemu-kvm-block-iscsi-debuginforedhat-upgrade-qemu-kvm-block-rbdredhat-upgrade-qemu-kvm-block-rbd-debuginforedhat-upgrade-qemu-kvm-block-sshredhat-upgrade-qemu-kvm-block-ssh-debuginforedhat-upgrade-qemu-kvm-commonredhat-upgrade-qemu-kvm-common-debuginforedhat-upgrade-qemu-kvm-coreredhat-upgrade-qemu-kvm-core-debuginforedhat-upgrade-qemu-kvm-debuginforedhat-upgrade-qemu-kvm-debugsourceredhat-upgrade-qemu-kvm-testsredhat-upgrade-qemu-kvm-tests-debuginforedhat-upgrade-ruby-hivexredhat-upgrade-ruby-hivex-debuginforedhat-upgrade-ruby-libguestfsredhat-upgrade-ruby-libguestfs-debuginforedhat-upgrade-seabiosredhat-upgrade-seabios-binredhat-upgrade-seavgabios-binredhat-upgrade-sgabiosredhat-upgrade-sgabios-binredhat-upgrade-slofredhat-upgrade-superminredhat-upgrade-supermin-debuginforedhat-upgrade-supermin-debugsourceredhat-upgrade-supermin-develredhat-upgrade-virt-dibredhat-upgrade-virt-dib-debuginforedhat-upgrade-virt-v2vredhat-upgrade-virt-v2v-debuginfo
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.