CVE-2021-20196

Published: 5/26/2021 Last updated: 8/3/2024 Reserved: 12/17/2020

A NULL pointer dereference flaw was found in the floppy disk emulator of QEMU. This issue occurs while processing read/write ioport commands if the selected floppy drive is not initialized with a block device. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Opam packages affected (2)

conf-qemu-img nbd-tool

Products affected (1)

Product	Vendor	Version
qemu	n/a	< 6.0.6003.21872

References (10)

https://bugs.launchpad.net/qemu/+bug/1912780
https://www.openwall.com/lists/oss-security/2021/01/28/1
https://security.netapp.com/advisory/ntap-20210708-0004/
https://lists.debian.org/debian-lts-announce/2022/04/msg00002.html
https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html
https://bugs.launchpad.net/qemu/+bug/1912780
https://www.openwall.com/lists/oss-security/2021/01/28/1
https://security.netapp.com/advisory/ntap-20210708-0004/
https://lists.debian.org/debian-lts-announce/2022/04/msg00002.html
https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html