CVE-2021-4158
Advisory lineage Upstream: 0 Downstream: 6
Modified
Published: 24 Aug 2022, 15:10
Last modified:03 Aug 2024, 17:16
Vulnerability Summary
Overall Risk (default)
medium
34/100 CVSS Score
6 MEDIUM
v3.1 (nvd)
EPSS Score
0.02% LOW
0% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
1 found
Dark Web
Not detected
Timeline
24 Aug 2022, 15:10
Published
Vulnerability first disclosed
03 Aug 2024, 17:16
Last Modified
Vulnerability information updated
Description
A NULL pointer dereference issue was found in the ACPI code of QEMU. A malicious, privileged user within the guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.
CVSS Metrics
- v3.1•MEDIUM•Score: 6CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
EPSS Trends
Current EPSS score: 0.02%• Percentile: 7%
Techniques & Countermeasures
- CWE-476•NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.
Affected Systems
- qemu•qemu
≥ 6.0.0, < 7.0.0
- redhat•enterprise_linux
9.0
References (5)
- https://gitlab.com/qemu-project/qemu/-/issues/770
- https://bugzilla.redhat.com/show_bug.cgi?id=2035002
- https://access.redhat.com/security/cve/CVE-2021-4158
- https://www.mail-archive.com/qemu-devel%40nongnu.org/msg857944.html
- https://gitlab.com/qemu-project/qemu/-/commit/9bd6565ccee68f72d5012e24646e12a1c662827e