CVE-2021-3409 log

Severity Medium
Remote No
Type Arbitrary code execution
Description
Upstream commit dfba99f17feb6d4a129da19d38df1bcd8579d1c3 was supposed to fix CVE-2020-17380 and CVE-2020-25085, both involving a heap buffer overflow in the SDHCI controller emulation of QEMU. In fact, it turned out it was still possible to reproduce the same issue with specially crafted input, inducing a bogus transfer and subsequent out-of-bounds read/write access in sdhci_do_adma() or sdhci_sdma_transfer_multi_blocks().
Group     Package  Affected  Fixed  Severity  Status      Ticket
AVG-1308  qemu     5.2.0-3          Medium    Vulnerable
References
https://bugzilla.redhat.com/show_bug.cgi?id=1928146
https://git.qemu.org/?p=qemu.git;a=commitdiff;h=dfba99f17feb6d4a129da19d38df1bcd8579d1c3
https://bugs.launchpad.net/qemu/+bug/1909418
https://lists.nongnu.org/archive/html/qemu-devel/2021-02/msg02910.html
https://lists.nongnu.org/archive/html/qemu-devel/2021-02/msg03102.html