Lucene search

[email protected]CVE-2021-4145

HistoryJan 25, 2022 - 8:15 p.m.

CVE-2021-4145

2022-01-2520:15:08

CWE-476

[email protected]

web.nvd.nist.gov

cve-2021-4145

information security

qemu

vulnerability

nvd

null pointer

dereference

guest

host

CVSS2

4.9

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

CVSS3

6.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

AI Score

6.1

Confidence

High

EPSS

Percentile

5.1%

JSON

A NULL pointer dereference issue was found in the block mirror layer of QEMU in versions prior to 6.2.0. The self pointer is dereferenced in mirror_wait_on_conflicts() without ensuring that it’s not NULL. A malicious unprivileged user within the guest could use this flaw to crash the QEMU process on the host when writing data reaches the threshold of mirroring node.

Affected configurations

Vulners

NVD

Node

qemuqemuRange≤6.2.0

VendorProductVersionCPE
qemuqemu*cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
qemu	qemu	*	cpe:2.3:a:qemu:qemu::::::::

CNA Affected

[
  {
    "product": "QEMU",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "qemu-kvm 6.2.0"
      }
    ]
  }
]