Lucene search

K
cvelistRedhatCVELIST:CVE-2021-3409
HistoryMar 23, 2021 - 8:20 p.m.

CVE-2021-3409

2021-03-2320:20:58
CWE-119
redhat
www.cve.org
2

6.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.2%

The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective, thus making QEMU vulnerable to the out-of-bounds read/write access issues previously found in the SDHCI controller emulation code. This flaw allows a malicious privileged guest to crash the QEMU process on the host, resulting in a denial of service or potential code execution. QEMU up to (including) 5.2.0 is affected by this.

CNA Affected

[
  {
    "product": "QEMU",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "up to (including) 5.2.0"
      }
    ]
  }
]