Lucene search

K
ubuntucveUbuntu.comUB:CVE-2021-4207
HistoryApr 29, 2022 - 12:00 a.m.

CVE-2021-4207

2022-04-2900:00:00
ubuntu.com
ubuntu.com
38
qxl display emulation
qemu
heap-based buffer overflow
guest controlled values
arbitrary code execution
bugzilla redhat.

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

8.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

EPSS

0.001

Percentile

39.9%

A flaw was found in the QXL display device emulation in QEMU. A double
fetch of guest controlled values cursor->header.width and
cursor->header.height can lead to the allocation of a small cursor object
followed by a subsequent heap-based buffer overflow. A malicious privileged
guest user could use this flaw to crash the QEMU process on the host or
potentially execute arbitrary code within the context of the QEMU process.

Bugs

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchqemu< 1:2.11+dfsg-1ubuntu7.40UNKNOWN
ubuntu20.04noarchqemu< 1:4.2-3ubuntu6.23UNKNOWN
ubuntu21.10noarchqemu< 1:6.0+dfsg-2expubuntu1.3UNKNOWN
ubuntu22.04noarchqemu< 1:6.2+dfsg-2ubuntu6.2UNKNOWN
ubuntu22.10noarchqemu< 1:6.2+dfsg-2ubuntu8UNKNOWN
ubuntu23.04noarchqemu< 1:6.2+dfsg-2ubuntu8UNKNOWN
ubuntu23.10noarchqemu< 1:6.2+dfsg-2ubuntu8UNKNOWN
ubuntu24.04noarchqemu< 1:6.2+dfsg-2ubuntu8UNKNOWN
ubuntu14.04noarchqemu< anyUNKNOWN
ubuntu16.04noarchqemu< anyUNKNOWN

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

8.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

EPSS

0.001

Percentile

39.9%