{ "threat_severity" : "Moderate", "public_date" : "2021-05-04T00:00:00Z", "bugzilla" : { "description" : "QEMU: vhost-user-gpu: out-of-bounds write in virgl_cmd_get_capset()", "id" : "1958978", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1958978" }, "cvss3" : { "cvss3_base_score" : "8.2", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "status" : "draft" }, "cwe" : "CWE-787", "details" : [ "An out-of-bounds write vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. The flaw occurs while processing the 'VIRTIO_GPU_CMD_GET_CAPSET' command from the guest. It could allow a privileged guest user to crash the QEMU process on the host, resulting in a denial of service condition, or potential code execution with the privileges of the QEMU process.", "An out-of-bounds write vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU. The flaw occurs while processing the 'VIRTIO_GPU_CMD_GET_CAPSET' command from the guest. It could allow a privileged guest user to crash the QEMU process on the host, resulting in a denial of service condition, or potential code execution with the privileges of the QEMU process." ], "statement" : "This issue does not affect the versions of `qemu-kvm` as shipped with Red Hat Enterprise Linux 6, 7 and 8, as Virgl was not enabled in these versions. Support for Virgl was enabled as technical preview in Red Hat Enterprise Linux Advanced Virtualization 8.2, and later disabled in Red Hat Enterprise Linux Advanced Virtualization 8.3.", "acknowledgement" : "Red Hat would like to thank Li Qiang of Tianchen Security Lab (Ant Group) for reporting this issue.", "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Not affected", "package_name" : "qemu-kvm", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "qemu-kvm", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "qemu-kvm-ma", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "qemu-kvm-rhev", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "virt:rhel/qemu-kvm", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8 Advanced Virtualization", "fix_state" : "Will not fix", "package_name" : "virt:8.2/qemu-kvm", "cpe" : "cpe:/a:redhat:advanced_virtualization:8::el8" }, { "product_name" : "Red Hat Enterprise Linux 8 Advanced Virtualization", "fix_state" : "Not affected", "package_name" : "virt:8.3/qemu-kvm", "cpe" : "cpe:/a:redhat:advanced_virtualization:8::el8" }, { "product_name" : "Red Hat Enterprise Linux 8 Advanced Virtualization", "fix_state" : "Not affected", "package_name" : "virt:av/qemu-kvm", "cpe" : "cpe:/a:redhat:advanced_virtualization:8::el8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Not affected", "package_name" : "qemu-kvm", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat OpenStack Platform 10 (Newton)", "fix_state" : "Not affected", "package_name" : "qemu-kvm-rhev", "cpe" : "cpe:/a:redhat:openstack:10" }, { "product_name" : "Red Hat OpenStack Platform 13 (Queens)", "fix_state" : "Not affected", "package_name" : "qemu-kvm-rhev", "cpe" : "cpe:/a:redhat:openstack:13" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2021-3546\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-3546\nhttps://www.openwall.com/lists/oss-security/2021/05/31/1" ], "name" : "CVE-2021-3546", "csaw" : false }