CVE-2021-3545

MEDIUM Year: 2021
CVSS v3 Score
6.5
Medium
CVSS v2 Score
2.1
Low
Weakness Type
CWE-908
View all →

Vulnerability Description

An information disclosure vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. The flaw exists in virgl_cmd_get_capset_info() in contrib/vhost-user-gpu/virgl.c and could occur due to the read of uninitialized memory. A malicious guest could exploit this issue to leak memory from the host.

Related Vulnerabilities

CVE-2018-18366

MEDIUM
CVSS:6.5(Medium)

Symantec Norton Security prior to 22.16.3, SEP (Windows client) prior to and including 12.1 RU6 MP9, and prior to 14.2 RU1, SEP SBE prior to Cloud Agent 3.00.31.2817, NIS-22.15.2.22, SEP-12.1.7484.700...

CWE-9082018

CVE-2018-20992

MEDIUM
CVSS:6.5(Medium)

An issue was discovered in the claxon crate before 0.4.1 for Rust. Uninitialized memory can be exposed because certain decode buffer sizes are mishandled.

CWE-9082018

CVE-2018-6982

MEDIUM
CVSS:6.5(Medium)

VMware ESXi 6.7 without ESXi670-201811401-BG and VMware ESXi 6.5 without ESXi650-201811301-BG contain uninitialized stack memory usage in the vmxnet3 virtual network adapter which may lead to an infor...

CWE-9082018

CVE-2019-13751

MEDIUM
CVSS:6.5(Medium)

Uninitialized data in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

CWE-9082019

CVE-2019-2140

MEDIUM
CVSS:6.5(Medium)

In libxaac, there is a possible information disclosure due to uninitialized data. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed f...

CWE-9082019

CVE-2019-2166

MEDIUM
CVSS:6.5(Medium)

In libxaac there is a possible information disclosure due to uninitialized data. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed fo...

CWE-9082019