CVE-2021-3947 - Vulnerability Details - OpenCVE

A stack-buffer-overflow was found in QEMU in the NVME component. The flaw lies in nvme_changed_nslist() where a malicious guest controlling certain input can read out of bounds memory. A malicious user could use this flaw leading to disclosure of sensitive information.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00044.

Key SSVC decision points have not yet been added.

Vendors	Products
Qemu	Qemu

Configuration 1 [-]

OR	cpe:2.3:a:qemu:qemu::::::::
	cpe:2.3:a:qemu:qemu:6.2.0:rc0::::::
	cpe:2.3:a:qemu:qemu:6.2.0:rc1::::::

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2021-27157	A stack-buffer-overflow was found in QEMU in the NVME component. The flaw lies in nvme_changed_nslist() where a malicious guest controlling certain input can read out of bounds memory. A malicious user could use this flaw leading to disclosure of sensitive information.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://bugzilla.redhat.com/show_bug.cgi?id=2021869
https://nvd.nist.gov/vuln/detail/CVE-2021-3947
https://security.gentoo.org/glsa/202208-27
https://security.netapp.com/advisory/ntap-20220318-0003/
https://www.cve.org/CVERecord?id=CVE-2021-3947

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2022-02-18T17:50:50

Updated: 2024-08-03T17:09:09.628Z

Reserved: 2021-11-11T00:00:00

Link: CVE-2021-3947

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-02-18T18:15:09.750

Modified: 2024-11-21T06:23:13.050

Link: CVE-2021-3947

Redhat

Severity : Moderate

Publid Date: 2021-11-10T00:00:00Z

Links: CVE-2021-3947 - Bugzilla

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "QEMU", "vendor": "n/a", "versions": [{"status": "affected", "version": "qemu-kvm 6.2.0-rc2"}]}], "descriptions": [{"lang": "en", "value": "A stack-buffer-overflow was found in QEMU in the NVME component. The flaw lies in nvme_changed_nslist() where a malicious guest controlling certain input can read out of bounds memory. A malicious user could use this flaw leading to disclosure of sensitive information."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-125", "description": "CWE-125", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-08-14T18:09:05", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2021869"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20220318-0003/"}, {"name": "GLSA-202208-27", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/202208-27"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2021-3947", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "QEMU", "version": {"version_data": [{"version_value": "qemu-kvm 6.2.0-rc2"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A stack-buffer-overflow was found in QEMU in the NVME component. The flaw lies in nvme_changed_nslist() where a malicious guest controlling certain input can read out of bounds memory. A malicious user could use this flaw leading to disclosure of sensitive information."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-125"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2021869", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2021869"}, {"name": "https://security.netapp.com/advisory/ntap-20220318-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220318-0003/"}, {"name": "GLSA-202208-27", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202208-27"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T17:09:09.628Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2021869"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20220318-0003/"}, {"name": "GLSA-202208-27", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/202208-27"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2021-3947", "datePublished": "2022-02-18T17:50:50", "dateReserved": "2021-11-11T00:00:00", "dateUpdated": "2024-08-03T17:09:09.628Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*", "matchCriteriaId": "6FF46C11-37A3-4254-87C0-B118ABC43E92", "versionEndIncluding": "6.1.0", "versionStartIncluding": "6.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:qemu:qemu:6.2.0:rc0:*:*:*:*:*:*", "matchCriteriaId": "36E11BC8-3CC7-4AED-AAF3-47D854DA50A2", "vulnerable": true}, {"criteria": "cpe:2.3:a:qemu:qemu:6.2.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "A4BAAC33-2329-43F6-9570-795153A24333", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A stack-buffer-overflow was found in QEMU in the NVME component. The flaw lies in nvme_changed_nslist() where a malicious guest controlling certain input can read out of bounds memory. A malicious user could use this flaw leading to disclosure of sensitive information."}, {"lang": "es", "value": "Se ha encontrado un desbordamiento de pila en QEMU en el componente NVME. El fallo es encontrado en nvme_changed_nslist(), donde un hu\u00e9sped malicioso que controle determinadas entradas puede leer memoria fuera de l\u00edmites. Un usuario malicioso podr\u00eda usar este fallo conllevando a una divulgaci\u00f3n de informaci\u00f3n confidencial"}], "id": "CVE-2021-3947", "lastModified": "2024-11-21T06:23:13.050", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-02-18T18:15:09.750", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2021869"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202208-27"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20220318-0003/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2021869"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202208-27"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20220318-0003/"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "secalert@redhat.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Qiuhao Li for reporting this issue.", "bugzilla": {"description": "QEMU: NVMe: out-of-bounds memory read in nvme_changed_nslist", "id": "2021869", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2021869"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", "status": "draft"}, "cwe": "CWE-125", "details": ["A stack-buffer-overflow was found in QEMU in the NVME component. The flaw lies in nvme_changed_nslist() where a malicious guest controlling certain input can read out of bounds memory. A malicious user could use this flaw leading to disclosure of sensitive information.", "A stack-buffer-overflow was found in QEMU in the NVME component. The flaw lies in nvme_changed_nslist() where a malicious guest controlling certain input can read out of bounds memory. A malicious user could use this flaw leading to disclosure of sensitive information."], "name": "CVE-2021-3947", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "qemu-kvm", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "qemu-kvm", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "qemu-kvm-ma", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "qemu-kvm-rhev", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "virt:rhel/qemu-kvm", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:advanced_virtualization:8::el8", "fix_state": "Not affected", "package_name": "virt:8.2/qemu-kvm", "product_name": "Red Hat Enterprise Linux 8 Advanced Virtualization"}, {"cpe": "cpe:/a:redhat:advanced_virtualization:8::el8", "fix_state": "Not affected", "package_name": "virt:av/qemu-kvm", "product_name": "Red Hat Enterprise Linux 8 Advanced Virtualization"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "qemu-kvm", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openstack:10", "fix_state": "Not affected", "package_name": "qemu-kvm-rhev", "product_name": "Red Hat OpenStack Platform 10 (Newton)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Not affected", "package_name": "qemu-kvm-rhev", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}], "public_date": "2021-11-10T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-3947\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-3947"], "statement": "The `qemu-kvm` packages as shipped with Red Hat Enterprise Linux are not affected by this flaw as they do not include support for NVMe emulation.", "threat_severity": "Moderate"}