Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2021-3638

An out-of-bounds memory access flaw was found in the ATI VGA device emulation of QEMU. This flaw occurs in the ati_2d_blt() routine while handling MMIO write operations when the guest provides invalid values for the destination display parameters. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 0.8%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 2.1
References
Products affected by CVE-2021-3638
  • Qemu » Qemu » Version: 4.0.0
    cpe:2.3:a:qemu:qemu:4.0.0
  • Qemu » Qemu » Version: 4.0.1
    cpe:2.3:a:qemu:qemu:4.0.1
  • Qemu » Qemu » Version: 4.1.0
    cpe:2.3:a:qemu:qemu:4.1.0
  • Qemu » Qemu » Version: 4.1.1
    cpe:2.3:a:qemu:qemu:4.1.1
  • Qemu » Qemu » Version: 4.2.0
    cpe:2.3:a:qemu:qemu:4.2.0
  • Qemu » Qemu » Version: 4.2.0-34
    cpe:2.3:a:qemu:qemu:4.2.0-34
  • Qemu » Qemu » Version: 4.2.1
    cpe:2.3:a:qemu:qemu:4.2.1
  • Qemu » Qemu » Version: 5.0
    cpe:2.3:a:qemu:qemu:5.0
  • Qemu » Qemu » Version: 5.0.0
    cpe:2.3:a:qemu:qemu:5.0.0
  • Qemu » Qemu » Version: 5.0.1
    cpe:2.3:a:qemu:qemu:5.0.1
  • Qemu » Qemu » Version: 5.1.0
    cpe:2.3:a:qemu:qemu:5.1.0
  • Qemu » Qemu » Version: 5.1.1
    cpe:2.3:a:qemu:qemu:5.1.1
  • Qemu » Qemu » Version: 5.2.0
    cpe:2.3:a:qemu:qemu:5.2.0
  • Qemu » Qemu » Version: 5.2.50
    cpe:2.3:a:qemu:qemu:5.2.50
  • Qemu » Qemu » Version: 6.0.0
    cpe:2.3:a:qemu:qemu:6.0.0
  • Qemu » Qemu » Version: 6.1.0
    cpe:2.3:a:qemu:qemu:6.1.0
  • Fedoraproject » Fedora » Version: 36
    cpe:2.3:o:fedoraproject:fedora:36
  • Fedoraproject » Fedora » Version: 37
    cpe:2.3:o:fedoraproject:fedora:37


Products
Pricing
Contact Us

Shodan ® - All rights reserved