PT-2022-11409 · Qemu+5

Stefano Garzarella · Published 2021-12-22 · Updated 2022-09-28 · CVE-2021-4145

CVSS v3.1 · 6.5 · Medium

Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: QEMU versions prior to 6.2.0

Description: A NULL pointer dereference issue was found in the block mirror layer of QEMU. The `self` pointer is dereferenced in mirror_wait_on_conflicts() without ensuring that it is not NULL. A malicious unprivileged user within the guest could use this flaw to crash the QEMU process on the host when the data written reaches the threshold of the mirroring node.

Recommendations: For QEMU versions prior to 6.2.0, update to version 6.2.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the block mirror layer to minimize the risk of exploitation.

Weakness Enumeration

NULL Pointer Dereference

Related Identifiers

ALSA-2022:1759
ALT-PU-2021-3585
ALT-PU-2022-1412
AZL-8347
CESA-2022_1759
CVE-2021-4145
RHSA-2022:1759
RHSA-2022_1759
RLSA-2022:1759

Affected Products

Alt Linux
Almalinux
Centos
Qemu
Red Hat
Rocky Linux