CVE-2021-3607

An integer overflow was found in the QEMU implementation of VMWare’s
paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while
handling a “PVRDMA_REG_DSRHIGH” write from the guest due to improper input
validation. This flaw allows a privileged guest user to make QEMU allocate
a large amount of memory, resulting in a denial of service. The highest
threat from this vulnerability is to system availability.

Bugs

• <https://bugzilla.redhat.com/show_bug.cgi?id=1973349&gt;