How severe is CVE-2021-20221?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6 out of 10.

What type of vulnerability is CVE-2021-20221?

This is classified as CWE-125, which is a common weakness in software security.

CVE-2021-20221

MEDIUM Year: 2021

CVSS v3 Score

6.0

Medium

CVSS v2 Score

2.1

Low

Weakness Type

CWE-125

View all →

Vulnerability Description

An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU up to and including qemu 4.2.0on aarch64 platform. The issue occurs because while writing an interrupt ID to the controller memory area, it is not masked to be 4 bits wide. It may lead to the said issue while updating controller state fields and their subsequent processing. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in DoS scenario.

CVE-2016-5107

MEDIUM

CVSS:6.0(Medium)

The megasas_lookup_frame function in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds rea...

CWE-1252016

CVE-2018-5683

MEDIUM

CVSS:6.0(Medium)

The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation.

CWE-1252018

CVE-2019-19927

MEDIUM

CVSS:6.0(Medium)

In the Linux kernel 5.0.0-rc7 (as distributed in ubuntu/linux.git on kernel.ubuntu.com), mounting a crafted f2fs filesystem image and performing some operations can lead to slab-out-of-bounds read acc...

CWE-1252019

CVE-2020-11293

MEDIUM

CVSS:6.0(Medium)

Out of bound read can happen in Widevine TA while copying data to buffer from user data due to lack of check of buffer length received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, ...

CWE-1252020

CVE-2020-2741

MEDIUM

CVSS:6.0(Medium)

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily explo...

CWE-1252020

CVE-2020-2743

MEDIUM

CVSS:6.0(Medium)

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily explo...

CWE-1252020

CVE-2021-20221

Vulnerability Description

Related Vulnerabilities

CVE-2016-5107

CVE-2018-5683

CVE-2019-19927

CVE-2020-11293

CVE-2020-2741

CVE-2020-2743