Date: Mon, 31 May 2021 18:40:04 +0200
From: Mauro Matteo Cascella <>
Cc: Li Qiang <>
Subject: QEMU: security issues in vhost-user-gpu


Multiple security issues were identified in the virtio vhost-user GPU
device (vhost-user-gpu) of QEMU. A malicious guest could use these
flaws to leak memory from the host system or potentially crash the
QEMU process on the host, resulting in a denial of service condition.

Patch series:

The following CVEs have been assigned by Red Hat, Inc.

* CVE-2021-3544 - combined CVE for multiple memory leaks
   Upstream commits:

* CVE-2021-3545 - information disclosure due to uninitialized memory read
   Upstream commit:

* CVE-2021-3546 - oob write while processing VIRTIO_GPU_CMD_GET_CAPSET
   Upstream commit:

Acknowledgements: Li Qiang of Tianchen Security Lab (Ant Group).

Thank you,
Best regards.
Mauro Matteo Cascella
Red Hat Product Security
PGP-Key ID: BB3410B0
