{"containers": {"cna": {"affected": [{"product": "qemu", "vendor": "n/a", "versions": [{"status": "affected", "version": "up to, including qemu 4.2.0"}]}], "descriptions": [{"lang": "en", "value": "An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU up to and including qemu 4.2.0on aarch64 platform. The issue occurs because while writing an interrupt ID to the controller memory area, it is not masked to be 4 bits wide. It may lead to the said issue while updating controller state fields and their subsequent processing. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in DoS scenario."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-125", "description": "CWE-125->CWE-787", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-09-05T05:06:40", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "[oss-security] 20210205 CVE-2021-20221 QEMU: aarch64: GIC: out-of-bound heap buffer access via an interrupt ID field", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2021/02/05/1"}, {"name": "[debian-lts-announce] 20210218 [SECURITY] [DLA 2560-1] qemu security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00024.html"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1924601"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20210708-0005/"}, {"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T17:30:07.645Z"}, "title": "CVE Program Container", "references": [{"name": "[oss-security] 20210205 CVE-2021-20221 QEMU: aarch64: GIC: out-of-bound heap buffer access via an interrupt ID field", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2021/02/05/1"}, {"name": "[debian-lts-announce] 20210218 [SECURITY] [DLA 2560-1] qemu security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00024.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1924601"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20210708-0005/"}, {"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2021-20221", "datePublished": "2021-05-13T15:34:48", "dateReserved": "2020-12-17T00:00:00", "dateUpdated": "2024-08-03T17:30:07.645Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:arm64:*", "matchCriteriaId": "FA157A2E-73D9-4542-AB44-59C6E3ED7B8C", "versionEndIncluding": "4.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:-:*:*:*", "matchCriteriaId": "053C1B35-3869-41C2-9551-044182DE0A64", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:advanced_virtualization:*:*:*", "matchCriteriaId": "3AA08768-75AF-4791-B229-AE938C780959", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU up to and including qemu 4.2.0on aarch64 platform. The issue occurs because while writing an interrupt ID to the controller memory area, it is not masked to be 4 bits wide. It may lead to the said issue while updating controller state fields and their subsequent processing. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in DoS scenario."}, {"lang": "es", "value": "Se encontr\u00f3 un problema de acceso al b\u00fafer de pila fuera de l\u00edmites en el emulador ARM Generic Interrupt Controller de QEMU hasta e incluyendo qemu versi\u00f3n 4.2.0 en la plataforma aarch64. El problema ocurre porque al escribir un ID de interrupci\u00f3n en el \u00e1rea de memoria del controlador, no est\u00e1 enmascarado para tener 4 bits de ancho. Puede conllevar a dicho problema al actualizar los campos de estado del controlador y su posterior procesamiento. Un usuario invitado privilegiado puede usar este fallo para bloquear el proceso QEMU en el host, resultando en un escenario DoS"}], "id": "CVE-2021-20221", "lastModified": "2024-11-21T05:46:09.497", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.5, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-05-13T16:15:07.697", "references": [{"source": "secalert@redhat.com", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2021/02/05/1"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1924601"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00024.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20210708-0005/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2021/02/05/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1924601"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00024.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20210708-0005/"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "secalert@redhat.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2021:2521", "cpe": "cpe:/a:redhat:advanced_virtualization:8.2::el8", "package": "virt:8.2-8020120210603194525.863bb0db", "product_name": "Advanced Virtualization for RHEL 8.2.1", "release_date": "2021-06-22T00:00:00Z"}, {"advisory": "RHSA-2021:2521", "cpe": "cpe:/a:redhat:advanced_virtualization:8.2::el8", "package": "virt-devel:8.2-8020120210603194525.863bb0db", "product_name": "Advanced Virtualization for RHEL 8.2.1", "release_date": "2021-06-22T00:00:00Z"}, {"advisory": "RHSA-2021:1125", "cpe": "cpe:/a:redhat:advanced_virtualization:8.3::el8", "package": "virt:8.3-8030120210325145214.8f6a38fe", "product_name": "Advanced Virtualization for RHEL 8.3.1", "release_date": "2021-04-08T00:00:00Z"}, {"advisory": "RHSA-2021:1125", "cpe": "cpe:/a:redhat:advanced_virtualization:8.3::el8", "package": "virt-devel:8.3-8030120210325145214.8f6a38fe", "product_name": "Advanced Virtualization for RHEL 8.3.1", "release_date": "2021-04-08T00:00:00Z"}, {"advisory": "RHSA-2021:3061", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "virt-devel:rhel-8040020210721215855.522a0ee4", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2021-08-10T00:00:00Z"}, {"advisory": "RHSA-2021:3061", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "virt:rhel-8040020210721215855.522a0ee4", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2021-08-10T00:00:00Z"}], "bugzilla": {"description": "qemu: out-of-bound heap buffer access via an interrupt ID field", "id": "1924601", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1924601"}, "csaw": false, "cvss3": {"cvss3_base_score": "2.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:L", "status": "verified"}, "cwe": "CWE-125->CWE-787", "details": ["An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU up to and including qemu 4.2.0on aarch64 platform. The issue occurs because while writing an interrupt ID to the controller memory area, it is not masked to be 4 bits wide. It may lead to the said issue while updating controller state fields and their subsequent processing. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in DoS scenario.", "An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU on aarch64 platform. The issue occurs because while writing an interrupt ID to the controller memory area, it is not masked to be 4 bits wide. It may lead to the said issue while updating controller state fields and their subsequent processing. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in DoS scenario."], "name": "CVE-2021-20221", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "qemu-kvm", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "qemu-kvm", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "qemu-kvm-ma", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "qemu-kvm-rhev", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:advanced_virtualization:8::el8", "fix_state": "Affected", "package_name": "virt:8.2/qemu-kvm", "product_name": "Red Hat Enterprise Linux 8 Advanced Virtualization"}, {"cpe": "cpe:/a:redhat:advanced_virtualization:8::el8", "fix_state": "Affected", "package_name": "virt:8.3/qemu-kvm", "product_name": "Red Hat Enterprise Linux 8 Advanced Virtualization"}, {"cpe": "cpe:/a:redhat:advanced_virtualization:8::el8", "fix_state": "Affected", "package_name": "virt:av/qemu-kvm", "product_name": "Red Hat Enterprise Linux 8 Advanced Virtualization"}, {"cpe": "cpe:/a:redhat:openstack:10", "fix_state": "Out of support scope", "package_name": "qemu-kvm-rhev", "product_name": "Red Hat OpenStack Platform 10 (Newton)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Out of support scope", "package_name": "qemu-kvm-rhev", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}], "public_date": "2021-02-02T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-20221\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-20221\nhttps://bugs.launchpad.net/qemu/+bug/1914353\nhttps://www.openwall.com/lists/oss-security/2021/02/05/1"], "statement": "This issue does not affect the versions of the qemu-kvm package as shipped with the Red Hat Enterprise Linux 5 and 6.\nThis issue affects versions of the qemu-kvm-rhev package as shipped with Red Hat Enterprise Linux 7 and qemu-kvm package as shipped with the Red Hat Enterprise Linux 8. Future package updates may address this issue for Red Hat Enterprise Linux 7 and 8.", "threat_severity": "Low"}