ID CVE-2021-20196
Summary A NULL pointer dereference flaw was found in the floppy disk emulator of QEMU. This issue occurs while processing read/write ioport commands if the selected floppy drive is not initialized with a block device. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
References
Vulnerable Configurations
  • cpe:2.3:a:qemu:qemu:5.2.0:-:*:*:*:*:*:*
    cpe:2.3:a:qemu:qemu:5.2.0:-:*:*:*:*:*:*
CVSS
Base: 2.1 (as of 08-07-2021 - 05:15)
Impact:
Exploitability:
CWE CWE-476
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:L/AC:L/Au:N/C:N/I:N/A:P
Last major update 08-07-2021 - 05:15
Published 26-05-2021 - 22:15
Last modified 08-07-2021 - 05:15
Back to Top