CVE-2021-20221

NameCVE-2021-20221
DescriptionAn out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU up to and including qemu 4.2.0on aarch64 platform. The issue occurs because while writing an interrupt ID to the controller memory area, it is not masked to be 4 bits wide. It may lead to the said issue while updating controller state fields and their subsequent processing. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in DoS scenario.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-2560-1, DLA-3099-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
qemu (PTS)bullseye1:5.2+dfsg-11+deb11u3fixed
bullseye (security)1:5.2+dfsg-11+deb11u5fixed
bookworm1:7.2+dfsg-7+deb12u16fixed
bookworm (security)1:7.2+dfsg-7+deb12u15fixed
trixie1:10.0.3+ds-0+deb13u1fixed
trixie (security)1:10.0.2+ds-2+deb13u1fixed
forky1:10.1.0+ds-2fixed
sid1:10.1.0+ds-4fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
qemusourcestretch1:2.8+dfsg-6+deb9u13DLA-2560-1
qemusourcebuster1:3.1+dfsg-8+deb10u9DLA-3099-1
qemusource(unstable)1:5.2+dfsg-4

Notes

https://www.openwall.com/lists/oss-security/2021/02/05/1
https://gitlab.com/qemu-project/qemu/-/commit/edfe2eb4360cde4ed5d95bda7777edcb3510f76a (v6.0.0-rc0)
Search for package or bug name: Reporting problems