Main Vulnerability Database Vulnerabilities #VU63787

#VU63787 Integer overflow in QEMU - CVE-2021-4206

Published: May 30, 2022 / Updated: May 30, 2022

Vulnerability identifier: #VU63787

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2021-4206

CWE-ID: CWE-190

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
QEMU

Software vendor:
QEMU

Description

The vulnerability allows a local user to escalate privileges on the target system.

The vulnerability exists due to integer overflow in the cursor_alloc() function in the QXL display device emulation in QEMU. A privileged user can crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process.

Remediation

Install updates from vendor's website.

External links

https://starlabs.sg/advisories/21-4206/
https://bugzilla.redhat.com/show_bug.cgi?id=2036998
https://www.debian.org/security/2022/dsa-5133

#VU63787 Integer overflow in QEMU - CVE-2021-4206

Description

Remediation

External links

Please verify you're human