How severe is CVE-2021-3546?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.2 out of 10.

What type of vulnerability is CVE-2021-3546?

This is classified as CWE-787, which is a common weakness in software security.

CVE-2021-3546 - HIGH Severity | CVSS 8.2

Vulnerability Description

An out-of-bounds write vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. The flaw occurs while processing the 'VIRTIO_GPU_CMD_GET_CAPSET' command from the guest. It could allow a privileged guest user to crash the QEMU process on the host, resulting in a denial of service condition, or potential code execution with the privileges of the QEMU process.

Related Vulnerabilities

CVE-2018-11806

HIGH

CVSS:8.2(High)

m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams.

CWE-7872018

CVE-2018-1635

HIGH

CVSS:8.2(High)

Stack-based buffer overflow in oninit in IBM Informix Dynamic Server Enterprise Edition 12.1 allows an authenticated user to execute predefined code with root privileges, such as escalating to a root ...

CWE-7872018

CVE-2018-1636

HIGH

CVSS:8.2(High)

CWE-7872018

CVE-2018-3880

HIGH

CVSS:8.2(High)

An exploitable stack-based buffer overflow vulnerability exists in the database 'find-by-cameraId' functionality of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0...

CWE-7872018

CVE-2019-12325

HIGH

CVSS:8.2(High)

The Htek UC902 VoIP phone web management interface contains several buffer overflow vulnerabilities in the firmware version 2.0.4.4.46, which allow an attacker to crash the device (DoS) without authen...

CWE-7872019

CVE-2019-2867

HIGH

CVSS:8.2(High)

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Easily exploitable vuln...

CWE-7872019