Vulnerability DatabaseCVE-2021-3546
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2021-3546
June 02, 2021
An out-of-bounds write vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. The flaw occurs while processing the 'VIRTIO_GPU_CMD_GET_CAPSET' command from the guest. It could allow a privileged guest user to crash the QEMU process on the host, resulting in a denial of service condition, or potential code execution with the privileges of the QEMU process.
Related Resources (9)
https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3546
https://security.netapp.com/advisory/ntap-20210720-0008/
https://www.debian.org/security/2021/dsa-4980
https://security-tracker.debian.org/tracker/CVE-2021-3546
https://security.alpinelinux.org/vuln/CVE-2021-3546
http://www.openwall.com/lists/oss-security/2021/05/31/1
https://security.gentoo.org/glsa/202208-27
https://security.archlinux.org/CVE-2021-3546
https://bugzilla.redhat.com/show_bug.cgi?id=1958978
Do you need more information?
Contact Us
CVSS v4
Base Score:
9.3
Attack Vector
LOCAL
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
HIGH
User Interaction
NONE
Vulnerable System Confidentiality
HIGH
Vulnerable System Integrity
HIGH
Vulnerable System Availability
HIGH
Subsequent System Confidentiality
HIGH
Subsequent System Integrity
HIGH
Subsequent System Availability
HIGH
CVSS v3
Base Score:
8.2
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH
CVSS v2
Base Score:
4.6
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
Weakness Type (CWE)
Out-of-bounds Write
CWE-787
EPSS
Base Score:
0.04