CVE-2021-3409 log

Source
Severity Medium
Remote No
Type Arbitrary code execution
Description 
Upstream commit dfba99f17feb6d4a129da19d38df1bcd8579d1c3 was supposed to fix CVE-2020-17380 and CVE-2020-25085, both involving a heap buffer overflow in the SDHCI controller emulation of QEMU. In fact, it turned out it was still possible to reproduce the same issue with specially crafted input, inducing a bogus transfer and subsequent out-of-bounds read/write access in sdhci_do_adma() or sdhci_sdma_transfer_multi_blocks().
Group Package Affected Fixed Severity Status Ticket
AVG-1308 qemu 5.2.0-4 6.0.0-1 Medium Fixed
References 
https://www.openwall.com/lists/oss-security/2021/03/09/1
https://git.qemu.org/?p=qemu.git;a=commitdiff;h=dfba99f17feb6d4a129da19d38df1bcd8579d1c3
https://bugzilla.redhat.com/show_bug.cgi?id=1928146
https://bugs.launchpad.net/qemu/+bug/1909418
https://git.qemu.org/?p=qemu.git;a=commitdiff;h=b263d8f928001b5cfa2a993ea43b7a5b3a1811e8
https://git.qemu.org/?p=qemu.git;a=commitdiff;h=8be45cc947832b3c02144c9d52921f499f2d77fe
https://git.qemu.org/?p=qemu.git;a=commitdiff;h=bc6f28995ff88f5d82c38afcfd65406f0ae375aa
https://git.qemu.org/?p=qemu.git;a=commitdiff;h=5cd7aa3451b76bb19c0f6adc2b931f091e5d7fcd
https://git.qemu.org/?p=qemu.git;a=commitdiff;h=cffb446e8fd19a14e1634c7a3a8b07be3f01d5c9