CVE-2021-3735

2022-08-2616:15:09

Debian Security Bug Tracker

security-tracker.debian.org

ahci controller

qemu

deadlock issue

denial of service

vulnerability

CVSS3

4.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

EPSS

Percentile

12.6%

JSON

A deadlock issue was found in the AHCI controller device of QEMU. It occurs on a software reset (ahci_reset_port) while handling a host-to-device Register FIS (Frame Information Structure) packet from the guest. A privileged user inside the guest could use this flaw to hang the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability.

OSVersionArchitecturePackageVersionFilename
Debian12allqemu<= 1:7.2+dfsg-7+deb12u7qemu_1:7.2+dfsg-7+deb12u7_all.deb
Debian11allqemu<= 1:5.2+dfsg-11+deb11u3qemu_1:5.2+dfsg-11+deb11u3_all.deb
Debian999allqemu<= 1:9.1.0+ds-7qemu_1:9.1.0+ds-7_all.deb
Debian13allqemu<= 1:9.0.2+ds-2qemu_1:9.0.2+ds-2_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	qemu	<= 1:7.2+dfsg-7+deb12u7	qemu_1:7.2+dfsg-7+deb12u7_all.deb
Debian	11	all	qemu	<= 1:5.2+dfsg-11+deb11u3	qemu_1:5.2+dfsg-11+deb11u3_all.deb
Debian	999	all	qemu	<= 1:9.1.0+ds-7	qemu_1:9.1.0+ds-7_all.deb
Debian	13	all	qemu	<= 1:9.0.2+ds-2	qemu_1:9.0.2+ds-2_all.deb