VDB
DEBIAN-CVE-2021-4206
DEBIAN-CVE-2021-4206
PUBLISHED
CVSS 8.199999809265137 HIGH
A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. This flaw allows a malicious privileged guest user to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process.
Risk Scores
CVSS v3.1
8.199999809265137
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:13 | qemu | 0, 0, 0 |
| Debian:14 | qemu | 0, 0, 0 |
| Debian:11 | qemu | 0, 5.2+dfsg, 5.2+dfsg |
| Debian:12 | qemu | 0, 0, 0 |
Timeline
- Apr 29, 2022 CVE Published
- Apr 28, 2026 CVE Updated