Vulnerability CVE-2021-3930: Information

Description

An off-by-one error was found in the SCSI device emulation in QEMU. It could occur while processing MODE SELECT commands in mode_sense_page() if the 'page' argument was set to MODE_PAGE_ALLS (0x3f). A malicious guest could use this flaw to potentially crash QEMU, resulting in a denial of service condition.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2021-3930
Published: Feb. 18, 2022
Modified: Oct. 25, 2022
Error type identifier: CWE-193

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
pve-qemup107.1.0-alt47.2.0-alt4ALT-PU-2022-3390-1307814Fixed
pve-qemuc10f17.1.0-alt47.2.0-alt3ALT-PU-2022-3390-1307814Fixed
qemusisyphus6.1.0-alt28.2.3-alt1ALT-PU-2021-3286-1289853Fixed
qemusisyphus_e2k7.2.0-alt3.E2K.37.2.0-alt3.E2K.4ALT-PU-2024-1953-1-Fixed
qemup106.1.0-alt28.2.2-alt0.p10.1ALT-PU-2021-3363-1289854Fixed
qemup10_e2k7.2.0-alt3.E2K.07.2.0-alt3.E2K.3ALT-PU-2023-6766-1-Fixed
qemuc10f16.1.0-alt28.2.2-alt0.p10.1ALT-PU-2021-3363-1289854Fixed
qemup116.1.0-alt28.2.3-alt1ALT-PU-2021-3286-1289853Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://bugzilla.redhat.com/show_bug.cgi?id=2020588
  • Issue Tracking
  • Patch
  • Vendor Advisory
https://security.netapp.com/advisory/ntap-20220225-0007/
  • Third Party Advisory
[debian-lts-announce] 20220404 [SECURITY] [DLA 2970-1] qemu security update
  • Mailing List
  • Third Party Advisory
GLSA-202208-27
  • Third Party Advisory
[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update
  • Mailing List
  • Third Party Advisory

    1. Configuration 1

      cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*
      End excliding
      6.2.0

      Configuration 2

      cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
      cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:*:*:*:*:*:*:*
      cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems:8.0:*:*:*:*:*:*:*
      cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian:8.0:*:*:*:*:*:*:*
      cpe:2.3:a:redhat:codeready_linux_builder:8.0:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_advanced_virtualization_eus:8.4:*:*:*:*:*:*:*

      Configuration 3

      cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
      cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: v24.5.3
Back to top