An out-of-bounds heap buffer access via the interrupt ID field of the SGI register in QEMU's ARM Generic Interrupt Controller (GIC) emulation, resulting from undefined behaviour. The GIC architecture specification defines that field as "The Interrupt ID of the SGI to forward to the specified CPU interfaces. The value of this field is the Interrupt ID, in the range 0-15, for example a value of 0b0011 specifies Interrupt ID 3." A guest can write a value outside that 0-15 range, and the out-of-range ID is then used as an index beyond the per-SGI state. Triggering it requires an unusual start-up in which the interrupt controller is emulated in QEMU rather than in the kernel ('kernel-irqchip=off'). This issue does not affect the default configuration, i.e. kernel-irqchip=on. Upstream patch: https://gitlab.com/qemu-project/qemu/-/commit/edfe2eb4360cde4ed5d95bda7777edcb3510f76a
Created qemu tracking bugs for this issue: Affects: fedora-all [bug 1924602]
Upstream fix: https://gitlab.com/qemu-project/qemu/-/commit/edfe2eb4360cde4ed5d95bda7777edcb3510f76a
External References: https://bugs.launchpad.net/qemu/+bug/1914353 https://www.openwall.com/lists/oss-security/2021/02/05/1
Statement: This issue does not affect the versions of the qemu-kvm package as shipped with Red Hat Enterprise Linux 5 and 6. This issue affects versions of the qemu-kvm-rhev package as shipped with Red Hat Enterprise Linux 7 and the qemu-kvm package as shipped with Red Hat Enterprise Linux 8. Future package updates may address this issue for Red Hat Enterprise Linux 7 and 8.
This issue has been addressed in the following products: Advanced Virtualization for RHEL 8.3.1 Via RHSA-2021:1125 https://access.redhat.com/errata/RHSA-2021:1125
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-20221
This issue has been addressed in the following products: Advanced Virtualization for RHEL 8.2.1 Via RHSA-2021:2521 https://access.redhat.com/errata/RHSA-2021:2521
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:3061 https://access.redhat.com/errata/RHSA-2021:3061