Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A DMA reentrancy issue was found in the NVM Express Controller (NVME) emulation in QEMU. This CVE is similar to CVE-2021-3750 and, just like it, when the reentrancy write triggers the reset function nvme_ctrl_reset(), data structs will be freed leading to a use-after-free issue. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition or, potentially, executing arbitrary code within the context of the QEMU process on the host.
CVSS Information
N/A
Vulnerability Type
释放后使用
Vulnerability Title
QEMU 资源管理错误漏洞
Vulnerability Description
QEMU(Quick Emulator)是法国法布里斯-贝拉(Fabrice Bellard)个人开发者的一套模拟处理器软件。该软件具有速度快、跨平台等特点。 QEMU 中的 NVM Express 控制器 (NVME) 仿真中存在安全漏洞,该漏洞源于当可重入写入触发重置函数 nvme_ctrl_reset() 时,数据结构将被释放,从而导致释放后使用问题。恶意来宾可以利用此缺陷使主机上的 QEMU 进程崩溃,从而导致拒绝服务条件,或者可能在主机上的 QEMU 进程上下文中执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A