Vulnerability Description
A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values `cursor->header.width` and `cursor->header.height` can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. A malicious privileged guest user could use this flaw to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Qemu | Qemu | < 7.0.0 |
| Redhat | Enterprise Linux | 8.0 |
| Debian | Debian Linux | 10.0 |
Related Weaknesses (CWE)
References
- https://bugzilla.redhat.com/show_bug.cgi?id=2036966Issue TrackingThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2022/09/msg00008.htmlMailing ListThird Party Advisory
- https://security.gentoo.org/glsa/202208-27Third Party Advisory
- https://starlabs.sg/advisories/21-4207/ExploitThird Party Advisory
- https://www.debian.org/security/2022/dsa-5133Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2036966Issue TrackingThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2022/09/msg00008.htmlMailing ListThird Party Advisory
- https://security.gentoo.org/glsa/202208-27Third Party Advisory
- https://security.netapp.com/advisory/ntap-20250321-0009/
- https://starlabs.sg/advisories/21-4207/ExploitThird Party Advisory
- https://www.debian.org/security/2022/dsa-5133Third Party Advisory
FAQ
What is CVE-2021-4207?
CVE-2021-4207 is a vulnerability with a CVSS score of 8.2 (HIGH). A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values `cursor->header.width` and `cursor->header.height` can lead to the allocation of a small cursor ...
How severe is CVE-2021-4207?
CVE-2021-4207 has been rated HIGH with a CVSS base score of 8.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-4207?
Check the references section above for vendor advisories and patch information. Affected products include: Qemu Qemu, Redhat Enterprise Linux, Debian Debian Linux.