A flaw was found in the QEMU implementation of VMware's paravirtual RDMA device. The flaw exists in the pvrdma_ring_init() function in hw/rdma/vmw/pvrdma_dev_ring.c and could occur while handling a "PVRDMA_REG_DSRHIGH" write from the guest. Due to improper initialization of the 'ring->pages' array, rdma_pci_dma_unmap() may be passed an uninitialized pointer as an argument, leading to undefined behavior and a possible crash of the QEMU process on the host.
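The bug class described above, as an added illustration that is not QEMU's code and does not reproduce the upstream patch: a ring's page array is allocated without zeroing, mapping fails part-way through, and the error path walks every slot, so the slots past the failure point still hold whatever was in memory and are handed to the unmap routine. The fixed variant allocates the array zeroed so the NULL check in the teardown loop is meaningful. All names (toy_map, toy_unmap, poison_malloc, struct ring) are constructed for the example; a debug-style poisoned allocator stands in for genuinely uninitialized memory so the outcome is deterministic.

```c
/* Added illustration of the CVE-2021-3608 bug class (uninitialized page-array
 * teardown). Constructed example; none of these names are QEMU's API. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NPAGES  4
#define PAGE_SZ 64

/* Bookkeeping for the toy DMA layer: which pointers map() actually handed out. */
static void *live[NPAGES * 2];
static int   n_live;
static int   bad_unmaps;   /* unmap() called with a pointer map() never returned */

static void *toy_map(int idx, int fail_at) {
    if (idx == fail_at)
        return NULL;                        /* simulate a DMA mapping failure */
    void *p = malloc(PAGE_SZ);
    live[n_live++] = p;
    return p;
}

static void toy_unmap(void *p) {
    for (int i = 0; i < n_live; i++) {
        if (live[i] == p) {                 /* a real mapping: release it */
            free(p);
            live[i] = live[--n_live];
            return;
        }
    }
    bad_unmaps++;   /* the real rdma_pci_dma_unmap() would hit UB here */
}

/* Mimic a debug allocator: "uninitialized" memory filled with a poison byte,
 * so garbage pointers are repeatable instead of random. */
static void *poison_malloc(size_t n) {
    void *p = malloc(n);
    memset(p, 0xA5, n);
    return p;
}

struct ring { void **pages; int npages; };

/* Shared teardown: skips NULL slots, but a slot that was never written is not
 * NULL unless the array was zeroed at allocation time. */
static void ring_teardown(struct ring *r) {
    for (int i = 0; i < r->npages; i++)
        if (r->pages[i])
            toy_unmap(r->pages[i]);
    free(r->pages);
    r->pages = NULL;
}

/* Buggy pattern: array allocated uninitialized, teardown walks every slot. */
static int ring_init_buggy(struct ring *r, int fail_at) {
    r->npages = NPAGES;
    r->pages  = poison_malloc(NPAGES * sizeof(void *));
    for (int i = 0; i < NPAGES; i++) {
        r->pages[i] = toy_map(i, fail_at);
        if (!r->pages[i]) { ring_teardown(r); return -1; }
    }
    return 0;
}

/* Hardened pattern: zeroed allocation, so untouched slots are NULL and the
 * teardown loop's NULL check really does skip them. */
static int ring_init_fixed(struct ring *r, int fail_at) {
    r->npages = NPAGES;
    r->pages  = calloc(NPAGES, sizeof(void *));
    for (int i = 0; i < NPAGES; i++) {
        r->pages[i] = toy_map(i, fail_at);
        if (!r->pages[i]) { ring_teardown(r); return -1; }
    }
    return 0;
}

/* Run one scenario from a clean state; returns how many bogus unmaps happened. */
static int bad_unmaps_after(int use_fixed, int fail_at) {
    struct ring r;
    n_live = 0;
    bad_unmaps = 0;
    int rc = use_fixed ? ring_init_fixed(&r, fail_at) : ring_init_buggy(&r, fail_at);
    if (rc == 0)
        ring_teardown(&r);                  /* success path: release everything */
    return bad_unmaps;
}

int main(void) {
    printf("buggy, map fails at page 1: %d bogus unmaps\n", bad_unmaps_after(0, 1));
    printf("fixed, map fails at page 1: %d bogus unmaps\n", bad_unmaps_after(1, 1));
    return 0;
}
```

An equally valid fix, often preferred in kernel-style code, is to unwind only the indices that were actually mapped (count down from the failing index) rather than relying on the array contents at all; the zeroed allocation shown here additionally protects any later free path that walks the whole array.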
Created qemu tracking bugs for this issue: Affects: fedora-all [bug 1973385]
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-3608
Upstream patch: https://lists.gnu.org/archive/html/qemu-devel/2021-06/msg07926.html