CVE-2021-3507

Published: 5/6/2021 Last updated: 8/3/2024 Reserved: 4/19/2021

A heap buffer overflow was found in the floppy disk emulator of QEMU up to 6.0.0 (including). It could occur in fdctrl_transfer_handler() in hw/block/fdc.c while processing DMA read data transfers from the floppy drive to the guest system. A privileged guest user could use this flaw to crash the QEMU process on the host resulting in DoS scenario, or potential information leakage from the host memory.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Opam packages affected (2)

conf-qemu-img nbd-tool

Products affected (1)

Product	Vendor	Version
QEMU	n/a	All versions < V6.6

References (6)

https://bugzilla.redhat.com/show_bug.cgi?id=1951118
https://security.netapp.com/advisory/ntap-20210528-0005/
https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html
https://bugzilla.redhat.com/show_bug.cgi?id=1951118
https://security.netapp.com/advisory/ntap-20210528-0005/
https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html