{
  "threat_severity" : "Low",
  "public_date" : "2021-06-17T00:00:00Z",
  "bugzilla" : {
    "description" : "QEMU: pvrdma: unchecked malloc size due to integer overflow in init_dev_ring()",
    "id" : "1973349",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1973349"
  },
  "cvss3" : {
    "cvss3_base_score" : "6.0",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
    "status" : "draft"
  },
  "cwe" : "CWE-190->CWE-770->(CWE-125|CWE-476)",
  "details" : [ "An integer overflow was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a \"PVRDMA_REG_DSRHIGH\" write from the guest due to improper input validation. This flaw allows a privileged guest user to make QEMU allocate a large amount of memory, resulting in a denial of service. The highest threat from this vulnerability is to system availability.", "An integer overflow was found in the QEMU implementation of VMWare's paravirtual RDMA device. The issue occurs while handling a \"PVRDMA_REG_DSRHIGH\" write from the guest due to improper input validation. This flaw allows a privileged guest user to make QEMU allocate a large amount of memory, resulting in a denial of service. The highest threat from this vulnerability is to system availability." ],
  "statement" : "The versions of `qemu-kvm` as shipped with Red Hat Enterprise Linux and RHEL Advanced Virtualization are not affected by this flaw, as they are not built with PVRDMA support.",
  "acknowledgement" : "Red Hat would like to thank VictorV (Kunlun Lab) for reporting this issue.",
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "qemu-kvm",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "qemu-kvm",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "qemu-kvm-ma",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "qemu-kvm-rhev",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "virt:rhel/qemu-kvm",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8 Advanced Virtualization",
    "fix_state" : "Not affected",
    "package_name" : "virt:8.2/qemu-kvm",
    "cpe" : "cpe:/a:redhat:advanced_virtualization:8::el8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8 Advanced Virtualization",
    "fix_state" : "Not affected",
    "package_name" : "virt:8.3/qemu-kvm",
    "cpe" : "cpe:/a:redhat:advanced_virtualization:8::el8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8 Advanced Virtualization",
    "fix_state" : "Not affected",
    "package_name" : "virt:av/qemu-kvm",
    "cpe" : "cpe:/a:redhat:advanced_virtualization:8::el8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "qemu-kvm",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat OpenStack Platform 10 (Newton)",
    "fix_state" : "Not affected",
    "package_name" : "qemu-kvm-rhev",
    "cpe" : "cpe:/a:redhat:openstack:10"
  }, {
    "product_name" : "Red Hat OpenStack Platform 13 (Queens)",
    "fix_state" : "Not affected",
    "package_name" : "qemu-kvm-rhev",
    "cpe" : "cpe:/a:redhat:openstack:13"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2021-3607\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-3607" ],
  "name" : "CVE-2021-3607",
  "csaw" : false
}