Out-of-bounds Write
CVE-2021-3638
Summary
An out-of-bounds memory access flaw was found in the ATI VGA device emulation of QEMU before v4.1.0-rc0. This flaw occurs in the ati_2d_blt() routine while handling MMIO write operations when the guest provides invalid values for the destination display parameters. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service.
- LOW
- LOCAL
- NONE
- CHANGED
- NONE
- LOW
- NONE
- HIGH
CWE-787 - Out-of-Bounds Write
Out-of-bounds write vulnerability is a memory access bug that allows software to write data past the end or before the beginning of the intended buffer. This may result in the corruption of data, a crash, or arbitrary code execution.
Advisory Timeline
- Published