« List of all CVEs

CVE-2021-3947

Published: 2/18/2022 Last updated: 8/3/2024 Reserved: 11/11/2021

A stack-buffer-overflow was found in QEMU in the NVME component. The flaw lies in nvme_changed_nslist() where a malicious guest controlling certain input can read out of bounds memory. A malicious user could use this flaw leading to disclosure of sensitive information.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Opam packages affected (2)

conf-qemu-img nbd-tool

Products affected (1)

Product Vendor Version
QEMU n/a 3.11.2S

References (6)