A flaw was found in the memory management API of QEMU during the initialization of a memory region cache. This issue could lead to an out-of-bounds write access to the MSI-X table while performing MMIO operations. A guest user may abuse this flaw to crash the QEMU process on the host resulting in a denial of service. This flaw affects QEMU versions prior to 5.2.0.

🗓️ 11 Dec 2020 08:00:00Reported by MicrosoftType

mscve

mscve🔗 msrc.microsoft.com👁 1 Views

QEMU memory management flaw in region cache init causes out-of-bounds MSI-X writes during MMIO.

Reporter	Title	Published	Views	Family All 119
Tenable Nessus	Amazon Linux 2 : qemu (ALAS-2021-1671)	23 Jun 202100:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0119: virt:rhel and virt-devel:rhel (ALINUX3-SA-2022:0119)	14 May 202500:00	–	nessus
Tenable Nessus	AlmaLinux 8 : virt:rhel and virt-devel:rhel (ALSA-2021:1762)	9 Feb 202200:00	–	nessus
Tenable Nessus	CentOS 8 : virt:rhel and virt-devel:rhel (CESA-2021:1762)	19 May 202100:00	–	nessus
Tenable Nessus	CentOS 9 : qemu-kvm-6.1.0-3.el9	29 Feb 202400:00	–	nessus
Tenable Nessus	Debian dla-3099 : qemu - security update	5 Sep 202200:00	–	nessus
Tenable Nessus	EulerOS Virtualization 2.9.1 : qemu (EulerOS-SA-2021-1632)	10 Mar 202100:00	–	nessus
Tenable Nessus	EulerOS Virtualization 2.9.0 : qemu (EulerOS-SA-2021-1667)	11 Mar 202100:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP9 : qemu (EulerOS-SA-2022-1014)	28 Jan 202200:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP9 : qemu (EulerOS-SA-2022-1034)	28 Jan 202200:00	–	nessus

Vulners

Node

microsoft cm1_qemu-kvm_4.2.0-23Range<4.2.0-23

11 Dec 2020 08:00Current

7High risk

Vulners AI Score7

CVSS 22.1

CVSS 3.16

EPSS0.00036

qemu memory management region cache init out-of-bounds writes msi x table mmio operations denial of service pre 5.2.0 versions