Back to bug 2021869
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Product Security DevOps Team | 2021-11-10 18:27:50 UTC | CC | security-response-team | |
| CC | jen, jferlan, jmaloy, knoel, mkenneth, mrezanin, mst, pbonzini, ribarry | |||
| CC | dbecker, jjoyce, jschluet, lhh, lpeer, mburns, sclewis, slinaber | |||
| Comment | 0 | updated | ||
| Comment | 0 | updated | ||
| Group | qe_staff, security | |||
| Summary | EMBARGOED QEMU: NVME: Arbitrary Memory Read | QEMU: NVME: Arbitrary Memory Read | ||
| CC | berrange, cfergeau, crobinso, jforbes, lkundrak, m.a.young, ondrejj, philmd, rjones, virt-maint, virt-maint | |||
| Depends On | 2022085, 2022084 | |||
| Status | NEW | CLOSED | ||
| Resolution | --- | NOTABUG | ||
| Last Closed | 2021-11-10 18:27:50 UTC | |||
| Marian Rehak | 2021-11-11 14:55:46 UTC | Summary | QEMU: NVME: Arbitrary Memory Read | CVE-2021-3947 QEMU: NVME: Arbitrary Memory Read |
| Alias | CVE-2021-3947 | |||
| Marian Rehak | 2021-11-11 14:56:06 UTC | Blocks | 2022398 | |
| Mauro Matteo Cascella | 2023-08-04 08:03:24 UTC | Comment | 0 | updated |
| Doc Text | A stack-buffer-overflow was found in QEMU in the NVME component. The flaw lies in nvme_changed_nslist() where a malicious guest controlling certain input can read out of bounds memory. A malicious user could use this flaw leading to disclosure of | |||
| Doc Text | sensitive information. | |||
| Fixed In Version | qemu-kvm 6.2.0-rc2 | |||
| Summary | CVE-2021-3947 QEMU: NVME: Arbitrary Memory Read | CVE-2021-3947 QEMU: NVMe: out-of-bounds memory read in nvme_changed_nslist |
Back to bug 2021869