Vulnerability Name: | CVE-2021-4207 (CCN-225640) | ||||||||||||||||||||||||||||||||||||||||||||||||||||
Assigned: | 2022-03-28 | ||||||||||||||||||||||||||||||||||||||||||||||||||||
Published: | 2022-03-28 | ||||||||||||||||||||||||||||||||||||||||||||||||||||
Updated: | 2022-11-29 | ||||||||||||||||||||||||||||||||||||||||||||||||||||
Summary: | A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values `cursor->header.width` and `cursor->header.height` can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. A malicious privileged guest user could use this flaw to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process. | ||||||||||||||||||||||||||||||||||||||||||||||||||||
CVSS v3 Severity: | 8.2 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H) 7.1 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C)
5.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
6.5 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C)
| ||||||||||||||||||||||||||||||||||||||||||||||||||||
CVSS v2 Severity: | 4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
| ||||||||||||||||||||||||||||||||||||||||||||||||||||
Vulnerability Type: | CWE-120 | ||||||||||||||||||||||||||||||||||||||||||||||||||||
Vulnerability Consequences: | Gain Access | ||||||||||||||||||||||||||||||||||||||||||||||||||||
References: | Source: MITRE Type: CNA CVE-2021-4207 Source: CCN Type: Red Hat Bugzilla - Bug 2036966 (CVE-2021-4207) - CVE-2021-4207 QEMU: QXL: double fetch in qxl_cursor() can lead to heap buffer overflow Source: secalert@redhat.com Type: Issue Tracking, Third Party Advisory secalert@redhat.com Source: XF Type: UNKNOWN qemu-cve20214207-bo(225640) Source: CCN Type: QEMU GIT Repository display/qxl-render: fix race condition in qxl_cursor (CVE-2021-4207) Source: secalert@redhat.com Type: Mailing List, Third Party Advisory secalert@redhat.com Source: secalert@redhat.com Type: Third Party Advisory secalert@redhat.com Source: secalert@redhat.com Type: Exploit, Third Party Advisory secalert@redhat.com Source: secalert@redhat.com Type: Third Party Advisory secalert@redhat.com Source: CCN Type: Mend Vulnerability Database CVE-2021-4207 | ||||||||||||||||||||||||||||||||||||||||||||||||||||
Vulnerable Configuration: | Configuration RedHat 1: Configuration CCN 1: Denotes that component is vulnerable | ||||||||||||||||||||||||||||||||||||||||||||||||||||
Oval Definitions | |||||||||||||||||||||||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||||||||||||||||||||||
BACK |