CVE-2021-3638

Summary

An out-of-bounds memory access flaw was found in the ATI VGA device emulation of QEMU. This flaw occurs in the ati_2d_blt() routine while handling MMIO write operations when the guest provides invalid values for the destination display parameters. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service.

Affected Software

VendorProductVersion RangeStatus
n/aQEMUAffects qemu v4.0 to v6.1affected

Weaknesses

  • CWE-787: CWE-787 - Out-of-bounds Write

ADP Enrichment

CVE Program Container

Additional References

References