Description
An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU up to and including qemu 4.2.0on aarch64 platform. The issue occurs because while writing an interrupt ID to the controller memory area, it is not masked to be 4 bits wide. It may lead to the said issue while updating controller state fields and their subsequent processing. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in DoS scenario.
References (5)
Core 5
Core References
Mailing List, Patch, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2021/02/05/1
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2021/02/msg00024.html
Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=1924601
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20210708-0005/
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html
Scores
CVSS v3
6.0
EPSS
0.0002
EPSS Percentile
6.7%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
Details
CWE
CWE-125
CWE-787
Status
published
Products (4)
debian/debian_linux
9.0
debian/debian_linux
10.0
qemu/qemu
< 4.2.0
redhat/enterprise_linux
8.0 (2 CPE variants)
Published
May 13, 2021
Tracked Since
Feb 18, 2026