Lucene search

K
cveRedhatCVE-2021-3930
HistoryFeb 18, 2022 - 6:15 p.m.

CVE-2021-3930

2022-02-1818:15:09
CWE-193
redhat
web.nvd.nist.gov
179
3
cve-2021-3930
qemu
scsi
emulation
denial of service
nvd

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

CVSS3

6.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

AI Score

6.6

Confidence

High

EPSS

0

Percentile

14.2%

An off-by-one error was found in the SCSI device emulation in QEMU. It could occur while processing MODE SELECT commands in mode_sense_page() if the ‘page’ argument was set to MODE_PAGE_ALLS (0x3f). A malicious guest could use this flaw to potentially crash QEMU, resulting in a denial of service condition.

Affected configurations

Nvd
Vulners
Node
qemuqemuRange<6.2.0
Node
redhatcodeready_linux_builderMatch8.0
OR
redhatcodeready_linux_builder_for_ibm_z_systemsMatch8.0
OR
redhatcodeready_linux_builder_for_power_little_endianMatch8.0
OR
redhatopenstackMatch10
OR
redhatopenstackMatch13
OR
redhatenterprise_linuxMatch8.0
OR
redhatenterprise_linux_advanced_virtualization_eusMatch8.4
OR
redhatenterprise_linux_for_ibm_z_systemsMatch8.0
OR
redhatenterprise_linux_for_power_little_endianMatch8.0
Node
debiandebian_linuxMatch9.0
OR
debiandebian_linuxMatch10.0
VendorProductVersionCPE
qemuqemu*cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*
redhatcodeready_linux_builder8.0cpe:2.3:a:redhat:codeready_linux_builder:8.0:*:*:*:*:*:*:*
redhatcodeready_linux_builder_for_ibm_z_systems8.0cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems:8.0:*:*:*:*:*:*:*
redhatcodeready_linux_builder_for_power_little_endian8.0cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian:8.0:*:*:*:*:*:*:*
redhatopenstack10cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*
redhatopenstack13cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*
redhatenterprise_linux8.0cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
redhatenterprise_linux_advanced_virtualization_eus8.4cpe:2.3:o:redhat:enterprise_linux_advanced_virtualization_eus:8.4:*:*:*:*:*:*:*
redhatenterprise_linux_for_ibm_z_systems8.0cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:*:*:*:*:*:*:*
redhatenterprise_linux_for_power_little_endian8.0cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*
Rows per page:
1-10 of 121

CNA Affected

[
  {
    "product": "QEMU",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "qemu-kvm 6.2.0-rc0"
      }
    ]
  }
]

Social References

More

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

CVSS3

6.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

AI Score

6.6

Confidence

High

EPSS

0

Percentile

14.2%