How severe is CVE-2021-3507?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.1 out of 10.

What type of vulnerability is CVE-2021-3507?

This is classified as CWE-119, which is a common weakness in software security.

CVE-2021-3507 - MEDIUM Severity | CVSS 6.1

Vulnerability Description

A heap buffer overflow was found in the floppy disk emulator of QEMU up to 6.0.0 (including). It could occur in fdctrl_transfer_handler() in hw/block/fdc.c while processing DMA read data transfers from the floppy drive to the guest system. A privileged guest user could use this flaw to crash the QEMU process on the host resulting in DoS scenario, or potential information leakage from the host memory.

Related Vulnerabilities

CVE-2011-1776

MEDIUM

CVSS:6.1(Medium)

The is_gpt_valid function in fs/partitions/efi.c in the Linux kernel before 2.6.39 does not check the size of an Extensible Firmware Interface (EFI) GUID Partition Table (GPT) entry, which allows phys...

CWE-1192011

CVE-2016-8658

MEDIUM

CVSS:6.1(Medium)

Stack-based buffer overflow in the brcmf_cfg80211_start_ap function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel before 4.7.5 allows local users to cause a denial...

CWE-1192016

CVE-2017-12282

MEDIUM

CVSS:6.1(Medium)

A vulnerability in the Access Network Query Protocol (ANQP) ingress frame processing functionality of Cisco Wireless LAN Controllers could allow an unauthenticated, Layer 2 RF-adjacent attacker to cau...

CWE-1192017

CVE-2017-12283

MEDIUM

CVSS:6.1(Medium)

A vulnerability in the handling of 802.11w Protected Management Frames (PAF) by Cisco Aironet 3800 Series Access Points could allow an unauthenticated, adjacent attacker to terminate a valid user conn...

CWE-1192017

CVE-2018-16665

MEDIUM

CVSS:6.1(Medium)

An issue was discovered in Contiki-NG through 4.1. There is a buffer overflow while parsing AQL in lvm_shift_for_operator in os/storage/antelope/lvm.c.

CWE-1192018

CVE-2019-19602

MEDIUM

CVSS:6.1(Medium)

fpregs_state_valid in arch/x86/include/asm/fpu/internal.h in the Linux kernel before 5.4.2, when GCC 9 is used, allows context-dependent attackers to cause a denial of service (memory corruption) or p...

CWE-1192019