Vulnerabilities > CVE-2021-3608 - Access of Uninitialized Pointer vulnerability in multiple products
Attack vector
LOCAL Attack complexity
LOW Privileges required
HIGH Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a "PVRDMA_REG_DSRHIGH" write from the guest and may result in a crash of QEMU or cause undefined behavior due to the access of an uninitialized pointer. The highest threat from this vulnerability is to system availability.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1973383
- https://bugzilla.redhat.com/show_bug.cgi?id=1973383
- https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html
- https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html
- https://lists.gnu.org/archive/html/qemu-devel/2021-06/msg07926.html
- https://lists.gnu.org/archive/html/qemu-devel/2021-06/msg07926.html
- https://security.gentoo.org/glsa/202208-27
- https://security.gentoo.org/glsa/202208-27
- https://security.netapp.com/advisory/ntap-20220318-0002/
- https://security.netapp.com/advisory/ntap-20220318-0002/