CVE-2021-3607

Summary

An integer overflow was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a "PVRDMA_REG_DSRHIGH" write from the guest due to improper input validation. This flaw allows a privileged guest user to make QEMU allocate a large amount of memory, resulting in a denial of service. The highest threat from this vulnerability is to system availability.

Affected Software

VendorProductVersion RangeStatus
n/aQEMUqemu-kvm 6.1.0affected

Weaknesses

  • CWE-190: CWE-190->CWE-770->(CWE-125|CWE-476)

ADP Enrichment

CVE Program Container

Additional References

References