Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-4145

A NULL pointer dereference issue was found in the block mirror layer of QEMU in versions prior to 6.2.0. The `self` pointer is dereferenced in mirror_wait_on_conflicts() without ensuring that it's not NULL. A malicious unprivileged user within the guest could use this flaw to crash the QEMU process on the host when writing data reaches the threshold of mirroring node.

Published

2022-01-25T20:15:08.657

Last Modified

2024-11-21T06:36:59.903

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:N/I:N/A:C

  • Access Vector: LOCAL
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: COMPLETE
Exploitability Score

3.9

Impact Score

6.9

Weaknesses
  • Type: Secondary
    CWE-476
  • Type: Primary
    CWE-476
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application qemu qemu 6.1.0 Yes
Application qemu qemu 6.1.0 Yes
Application qemu qemu 6.1.0 Yes
Application qemu qemu 6.1.0 Yes
Application qemu qemu 6.1.0 Yes
Application qemu qemu 6.1.0 Yes
Operating System redhat enterprise_linux 8.0 Yes
References