Vulnerabilities > CVE-2021-20295 - Out-of-bounds Read vulnerability in Qemu
Summary
It was discovered that the update for the virt:rhel module in the RHSA-2020:4676 (https://access.redhat.com/errata/RHSA-2020:4676) erratum released as part of Red Hat Enterprise Linux 8.3 failed to include the fix for the qemu-kvm component issue CVE-2020-10756, which was previously corrected in virt:rhel/qemu-kvm via erratum RHSA-2020:4059 (https://access.redhat.com/errata/RHSA-2020:4059). CVE-2021-20295 was assigned to that Red Hat specific security regression. For more details about the original security issue CVE-2020-10756, refer to bug 1835986 or the CVE page: https://access.redhat.com/security/cve/CVE-2020-10756.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Overread Buffers An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.
References
- https://access.redhat.com/security/cve/CVE-2020-10756
- https://access.redhat.com/security/cve/CVE-2020-10756
- https://bugzilla.redhat.com/show_bug.cgi?id=1944075
- https://bugzilla.redhat.com/show_bug.cgi?id=1944075
- https://security.netapp.com/advisory/ntap-20220519-0003/
- https://security.netapp.com/advisory/ntap-20220519-0003/