CVE-2021-3930

MEDIUM

Qemu < 6.2.0 - Denial of Service

Title source: rule
STIX 2.1

Description

An off-by-one error was found in the SCSI device emulation in QEMU. It could occur while processing MODE SELECT commands in mode_sense_page() if the 'page' argument was set to MODE_PAGE_ALLS (0x3f). A malicious guest could use this flaw to potentially crash QEMU, resulting in a denial of service condition.

References (5)

Scores

CVSS v3 6.5
EPSS 0.0005
EPSS Percentile 16.7%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Details

CWE
CWE-193
Status published
Products (12)
debian/debian_linux 9.0
debian/debian_linux 10.0
qemu/qemu < 6.2.0
redhat/codeready_linux_builder 8.0
redhat/codeready_linux_builder_for_ibm_z_systems 8.0
redhat/codeready_linux_builder_for_power_little_endian 8.0
redhat/enterprise_linux 8.0
redhat/enterprise_linux_advanced_virtualization_eus 8.4
redhat/enterprise_linux_for_ibm_z_systems 8.0
redhat/enterprise_linux_for_power_little_endian 8.0
... and 2 more
Published Feb 18, 2022
Tracked Since Feb 18, 2026