CVE-2021-3638

2022-03-0300:00:00

CWE-787

redhat

www.cve.org

6.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

23.6%

JSON

An out-of-bounds memory access flaw was found in the ATI VGA device emulation of QEMU. This flaw occurs in the ati_2d_blt() routine while handling MMIO write operations when the guest provides invalid values for the destination display parameters. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service.

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "QEMU",
    "versions": [
      {
        "version": "Affects qemu v4.0 to v6.1",
        "status": "affected"
      }
    ]
  }
]