CVE-2021-4207

🗓️ 29 Apr 2022 16:07:33Reported by redhatType

cve🔗 web.nvd.nist.gov📰️ 3 Media mentions👁 154 Views

Flaw in QEMU QXL display device emulation leads to heap-based buffer overflo

Reporter	Title	Published	Views	Family All 138
Tenable Nessus	Amazon Linux 2 : qemu (ALAS-2023-2061)	5 Jun 202300:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0168: virt:rhel and virt-devel:rhel (ALINUX3-SA-2022:0168)	14 May 202500:00	–	nessus
Tenable Nessus	AlmaLinux 8 : virt:rhel and virt-devel:rhel (5821) (ALSA-2022:5821)	6 Aug 202200:00	–	nessus
Tenable Nessus	Azure Linux 3.0 Security Update: qemu / qemu-kvm (CVE-2021-4207)	10 Feb 202500:00	–	nessus
Tenable Nessus	CentOS 8 : virt:rhel and virt-devel:rhel (CESA-2022:5821)	3 Aug 202200:00	–	nessus
Tenable Nessus	Debian dla-3099 : qemu - security update	5 Sep 202200:00	–	nessus
Tenable Nessus	Debian DSA-5133-1 : qemu - security update	10 May 202200:00	–	nessus
Tenable Nessus	EulerOS Virtualization 2.10.0 : qemu (EulerOS-SA-2022-2880)	27 Dec 202200:00	–	nessus
Tenable Nessus	EulerOS Virtualization 2.10.1 : qemu (EulerOS-SA-2022-2898)	27 Dec 202200:00	–	nessus
Tenable Nessus	EulerOS Virtualization 2.11.1 : qemu (EulerOS-SA-2023-2082)	7 Jun 202300:00	–	nessus

NVD

Vulners

Node

qemu qemuRange<7.0.0

Node

redhat enterprise_linuxMatch8.0-

redhat enterprise_linuxMatch8.0advanced_virtualization

Node

debian debian_linuxMatch10.0

debian debian_linuxMatch11.0

[
  {
    "product": "QEMU",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "qemu-kvm 7.0.0"
      }
    ]
  }
]

Source	Link
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
security	www.security.gentoo.org/glsa/202208-27
lists	www.lists.debian.org/debian-lts-announce/2022/09/msg00008.html
starlabs	www.starlabs.sg/advisories/21-4207/
debian	www.debian.org/security/2022/dsa-5133
security	www.security.netapp.com/advisory/ntap-20250321-0009/

21 Mar 2025 18:15Current

8.1High risk

Vulners AI Score8.1

CVSS 24.6

CVSS 3.18.2

EPSS0.00051