CVE-2021-4158
CVE-2021-4158
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS —EPSS 0.4%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
24 Aug 2022Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A NULL pointer dereference issue was found in the ACPI code of QEMU. A malicious, privileged user within the guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.
Affected products
n/a · QEMUWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://access.redhat.com/security/cve/CVE-2021-4158https://bugzilla.redhat.com/show_bug.cgi?id=2035002https://gitlab.com/qemu-project/qemu/-/commit/9bd6565ccee68f72d5012e24646e12a1c662827ehttps://gitlab.com/qemu-project/qemu/-/issues/770https://www.mail-archive.com/qemu-devel%40nongnu.org/msg857944.html