CVE-2021-4206

HIGH

QEMU - Buffer Overflow

Title source: llm

Description

A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. This flaw allows a malicious privileged guest user to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process.

References (6)

[Issue Tracking, Third Party Advisory] https://bugzilla.redhat.com/show_bug.cgi?id=2036998

[Mailing List, Third Party Advisory] https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html

[Third Party Advisory] https://security.gentoo.org/glsa/202208-27

[Exploit, Third Party Advisory] https://starlabs.sg/advisories/21-4206/

[Third Party Advisory] https://www.debian.org/security/2022/dsa-5133

[Vendor Advisory] https://security.netapp.com/advisory/ntap-20250321-0010/

Scores

CVSS v3 8.2

EPSS 0.0016

EPSS Percentile 36.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Classification

CWE

CWE-190 CWE-131 CWE-120

Status published

Affected Products (5)

qemu/qemu < 7.0.0

redhat/enterprise_linux

redhat/enterprise_linux

debian/debian_linux

debian/debian_linux

Timeline

Published Apr 29, 2022

Tracked Since Feb 18, 2026