2034602 – (CVE-2021-4145) CVE-2021-4145 QEMU: NULL pointer dereference in mirror_wait_on_conflicts() in block/mirror.c

Bug 2034602 (CVE-2021-4145) - CVE-2021-4145 QEMU: NULL pointer dereference in mirror_wait_on_conflicts() in block/mirror.c

Summary: CVE-2021-4145 QEMU: NULL pointer dereference in mirror_wait_on_conflicts() in...

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2021-4145
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2001404 2002607 2034944 2035011
Blocks:	2031962 2034603
TreeView+	depends on / blocked

Reported:	2021-12-21 13:24 UTC by Guilherme de Almeida Suckevicz
Modified:	2022-05-17 09:26 UTC (History)
CC List:	27 users (show)
Fixed In Version:	qemu-kvm 6.2.0
Doc Type:	If docs needed, set a value
Doc Text:	A NULL pointer dereference issue was found in the block mirror layer of QEMU. The `self` pointer is dereferenced in mirror_wait_on_conflicts() without ensuring that it's not NULL. A malicious unprivileged user within the guest could use this flaw to crash the QEMU process on the host when writing data reaches the threshold of mirroring node.
Clone Of:
Environment:
Last Closed:	2022-05-10 18:15:36 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2022:1759	0	None	None	None	2022-05-10 13:17:54 UTC

Description Guilherme de Almeida Suckevicz 2021-12-21 13:24:42 UTC

A NULL pointer dereference issue was found in QEMU in mirror_wait_on_conflicts() in block/mirror.c when creating a snapshot at some conditions.

Reference:
https://bugzilla.redhat.com/show_bug.cgi?id=2001404

Comment 1 Mauro Matteo Cascella 2021-12-22 14:04:42 UTC

Upstream patch:
https://gitlab.com/qemu-project/qemu/-/commit/66fed30c9cd11854fc878a4eceb507e915d7c9cd

Comment 7 Mauro Matteo Cascella 2021-12-22 17:35:41 UTC

Created qemu tracking bugs for this issue:

Affects: fedora-all [bug 2035011]

Comment 11 errata-xmlrpc 2022-05-10 13:17:51 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:1759 https://access.redhat.com/errata/RHSA-2022:1759

Comment 12 Product Security DevOps Team 2022-05-10 18:15:33 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2021-4145

Note You need to log in before you can comment on or make changes to this bug.

berrange
cfergeau
crobinso
dbecker
jen
jferlan
jforbes
jjoyce
jmaloy
jschluet
knoel
lhh
lkundrak
lpeer
m.a.young
mburns
mkenneth
mrezanin
mst
ondrejj
pbonzini
rjones
sclewis
security-response-team
slinaber
virt-maint
virt-maint