QEMU Vulnerability: Crash and Undefined Behavior in VMWare Paravirtual RDMA Device Handling

QEMU Vulnerability: Crash and Undefined Behavior in VMWare Paravirtual RDMA Device Handling

CVE-2021-3608 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a "PVRDMA_REG_DSRHIGH" write from the guest and may result in a crash of QEMU or cause undefined behavior due to the access of an uninitialized pointer. The highest threat from this vulnerability is to system availability.

Learn more about our Cis Benchmark Audit For Vmware.