Bug 1973383 (CVE-2021-3608) - CVE-2021-3608 QEMU: pvrdma: uninitialized memory unmap in pvrdma_ring_init()
Summary: CVE-2021-3608 QEMU: pvrdma: uninitialized memory unmap in pvrdma_ring_init()
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2021-3608
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1973385
Blocks: 1962562 1973400
TreeView+ depends on / blocked
 
Reported: 2021-06-17 17:49 UTC by Mauro Matteo Cascella
Modified: 2022-02-16 09:46 UTC (History)
27 users (show)

Fixed In Version: qemu-kvm 6.1.0
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. The issue occurs while handling a "PVRDMA_REG_DSRHIGH" write from the guest and may result in a crash of QEMU or cause undefined behavior due to the access of an uninitialized pointer. The highest threat from this vulnerability is to system availability.
Clone Of:
Environment:
Last Closed: 2021-06-17 21:03:59 UTC


Attachments (Terms of Use)

Description Mauro Matteo Cascella 2021-06-17 17:49:57 UTC
A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. The flaw exists in the pvrdma_ring_init() function in hw/rdma/vmw/pvrdma_dev_ring.c and could occur while handling a "PVRDMA_REG_DSRHIGH" write from the guest. Due to improper initialization of the 'ring->pages' array, rdma_pci_dma_unmap() may be passed an uninitialized pointer as argument, leading to undefined behavior and possible crash of the QEMU process on the host.

Comment 1 Mauro Matteo Cascella 2021-06-17 17:54:08 UTC
Created qemu tracking bugs for this issue:

Affects: fedora-all [bug 1973385]

Comment 4 Product Security DevOps Team 2021-06-17 21:03:59 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2021-3608

Comment 5 Mauro Matteo Cascella 2021-06-30 15:36:08 UTC
Upstream patch:
https://lists.gnu.org/archive/html/qemu-devel/2021-06/msg07926.html


Note You need to log in before you can comment on or make changes to this bug.