QEMU up to 6.x HD Audio Device memory corruption

A vulnerability has been found in QEMU up to 6.x (Virtualization Software) and classified as critical. This vulnerability affects an unknown code block of the component HD Audio Device Handler. Upgrading to version 7.0.0 eliminates this vulnerability.

| Field | 05/12/2022 11:59 AM | 05/14/2022 01:44 PM |
|---|---|---|
| name | QEMU | QEMU |
| version | <=6.x | <=6.x |
| component | HD Audio Device Handler | HD Audio Device Handler |
| cwe | 119 (memory corruption) | 119 (memory corruption) |
| risk | 2 | 2 |
| cvss3_vuldb_ac | L | L |
| cvss3_vuldb_s | U | U |
| cvss3_vuldb_c | N | N |
| cvss3_vuldb_i | N | N |
| cvss3_vuldb_a | H | H |
| cvss3_vuldb_rl | O | O |
| cvss3_vuldb_rc | C | C |
| url | https://bugzilla.redhat.com/show_bug.cgi?id=1973784 | https://bugzilla.redhat.com/show_bug.cgi?id=1973784 |
| name | Upgrade | Upgrade |
| upgrade_version | 7.0.0 | 7.0.0 |
| cve | CVE-2021-3611 | CVE-2021-3611 |
| cve_assigned | 1623967200 | 1623967200 |
| date | 1652306400 (05/12/2022) | 1652306400 (05/12/2022) |
| type | Virtualization Software | Virtualization Software |
| cvss2_vuldb_ac | L | L |
| cvss2_vuldb_ci | N | N |
| cvss2_vuldb_ii | N | N |
| cvss2_vuldb_ai | C | C |
| cvss2_vuldb_rc | C | C |
| cvss2_vuldb_rl | OF | OF |
| cvss2_vuldb_av | A | A |
| cvss2_vuldb_au | S | S |
| cvss2_vuldb_e | ND | ND |
| cvss3_vuldb_av | A | A |
| cvss3_vuldb_pr | L | L |
| cvss3_vuldb_ui | N | N |
| cvss3_vuldb_e | X | X |
| cvss2_vuldb_basescore | 5.5 | 5.5 |
| cvss2_vuldb_tempscore | 4.8 | 4.8 |
| cvss3_vuldb_basescore | 5.7 | 5.7 |
| cvss3_vuldb_tempscore | 5.5 | 5.5 |
| cvss3_meta_basescore | 5.7 | 5.7 |
| cvss3_meta_tempscore | 5.5 | 5.5 |
| price_0day | $5k-$25k | $5k-$25k |

cve_nvd_summary: A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. This flaw affects QEMU versions prior to 7.0.0.
