PublicDateAtUSN: 2021-03-23 21:15:00 UTC
Candidate: CVE-2021-3409
PublicDate: 2021-03-23 21:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3409
 https://lists.nongnu.org/archive/html/qemu-devel/2021-02/msg02910.html
 https://lists.nongnu.org/archive/html/qemu-devel/2021-02/msg03102.html
 https://www.openwall.com/lists/oss-security/2021/03/09/1
 https://ubuntu.com/security/notices/USN-5010-1
Description:
 The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective,
 thus making QEMU vulnerable to the out-of-bounds read/write access issues
 previously found in the SDHCI controller emulation code. This flaw allows
 a malicious privileged guest to crash the QEMU process on the host,
 resulting in a denial of service or potential code execution. QEMU up to
 (including) 5.2.0 is affected by this.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
 https://bugzilla.redhat.com/show_bug.cgi?id=1928146
 https://bugs.launchpad.net/qemu/+bug/1909418
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L [5.7 MEDIUM]

Patches_qemu-kvm:
upstream_qemu-kvm: needs-triage
precise/esm_qemu-kvm: ignored (end of ESM support, was needs-triage)
trusty_qemu-kvm: DNE
trusty/esm_qemu-kvm: DNE
xenial_qemu-kvm: DNE
bionic_qemu-kvm: DNE
focal_qemu-kvm: DNE
groovy_qemu-kvm: DNE
hirsute_qemu-kvm: DNE
impish_qemu-kvm: DNE
jammy_qemu-kvm: DNE
devel_qemu-kvm: DNE

Patches_qemu:
 upstream: https://git.qemu.org/?p=qemu.git;a=commit;h=b263d8f928001b5cfa2a993ea43b7a5b3a1811e8
 upstream: https://git.qemu.org/?p=qemu.git;a=commit;h=8be45cc947832b3c02144c9d52921f499f2d77fe
 upstream: https://git.qemu.org/?p=qemu.git;a=commit;h=bc6f28995ff88f5d82c38afcfd65406f0ae375aa
 upstream: https://git.qemu.org/?p=qemu.git;a=commit;h=5cd7aa3451b76bb19c0f6adc2b931f091e5d7fcd
 upstream: https://git.qemu.org/?p=qemu.git;a=commit;h=cffb446e8fd19a14e1634c7a3a8b07be3f01d5c9
upstream_qemu: needs-triage
precise/esm_qemu: DNE
trusty_qemu: ignored (out of standard support)
trusty/esm_qemu: needs-triage
xenial_qemu: ignored (end of standard support, was needed)
esm-infra/xenial_qemu: needed
bionic_qemu: released (1:2.11+dfsg-1ubuntu7.37)
focal_qemu: released (1:4.2-3ubuntu6.17)
groovy_qemu: released (1:5.0-5ubuntu9.9)
hirsute_qemu: released (1:5.2+dfsg-9ubuntu3.1)
impish_qemu: released (1:6.0+dfsg-1~ubuntu3)
jammy_qemu: released (1:6.0+dfsg-1~ubuntu3)
devel_qemu: released (1:6.0+dfsg-1~ubuntu3)