CVE-2021-4207
EUVD-2021-3406529.04.2022, 17:15
A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values `cursor->header.width` and `cursor->header.height` can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. A malicious privileged guest user could use this flaw to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| qemu | qemu | 𝑥 < 7.0.0 |
| redhat | enterprise_linux | 8.0 |
| redhat | enterprise_linux | 8.0 |
| debian | debian_linux | 10.0 |
| debian | debian_linux | 11.0 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| qemu |
|
Common Weakness Enumeration
- CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')The program contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.
References