← back
CVE-2021-3638

CVE-2021-3638

EPSS 0.4%CWE-787
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS EPSS 0.4%KEV nãoPoC Nuclei Metasploit Patch referenciado
Lifecycle
03 Mar 2022Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
An out-of-bounds memory access flaw was found in the ATI VGA device emulation of QEMU. This flaw occurs in the ati_2d_blt() routine while handling MMIO write operations when the guest provides invalid values for the destination display parameters. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service.
Affected products
n/a · QEMU