Wind River Support Network

Fixed

LIN1021-677 : Security Advisory - qemu - CVE-2021-3607

Created: Jun 20, 2021    Updated: Mar 7, 2022
Resolved Date: Sep 27, 2021
Found In Version: 10.21.20.1
Fix Version: 10.21.20.4
Severity: Standard
Applicable for: Wind River Linux LTS 21
Component/s: Userspace

Description

An integer overflow was found in the QEMU implementation of VMware's paravirtual RDMA device. It could occur while handling a "PVRDMA_REG_DSRHIGH" write from the guest, due to improper input validation. More specifically, the init_dev_ring() function in pvrdma_main.c does not validate the guest-supplied 'num_pages' value, which is subsequently decremented and used in pvrdma_ring_init() to allocate dynamic memory via g_malloc(). This could result in a NULL pointer dereference (if g_malloc() returns NULL), or in the allocation of a large amount of memory and an out-of-bounds read access. A privileged guest user could exploit this flaw to crash the QEMU process on the host, resulting in a denial of service condition.
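The arithmetic behind the description, as an added example that is not QEMU's code or the upstream fix: a simplified model of sizing an allocation from a guest-supplied page count, unchecked and then validated before the decrement. The function names, the `uint32_t` type for the count, the 8-byte entry size and the `MAX_RING_PAGES` limit are assumptions made for this sketch.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed upper bound for this sketch; not a value taken from QEMU. */
#define MAX_RING_PAGES 512u
/* Assumed size of one per-page pointer slot in the ring's page table. */
#define ENTRY_SIZE 8u

/* Unchecked pattern: the guest value is decremented and then used to
 * size an allocation. A count of 0 wraps to UINT32_MAX. */
static uint64_t ring_bytes_unchecked(uint32_t num_pages)
{
    uint32_t data_pages = num_pages - 1;       /* 0 - 1 == 0xFFFFFFFF */
    return (uint64_t)data_pages * ENTRY_SIZE;  /* roughly 32 GiB for 0 */
}

/* Validated pattern: reject the value before any arithmetic on it.
 * A count of 1 is also rejected here, because after the decrement the
 * request would be 0 bytes, and g_malloc(0) returns NULL. */
static bool ring_bytes_checked(uint32_t num_pages, uint64_t *bytes)
{
    if (num_pages < 2 || num_pages > MAX_RING_PAGES) {
        return false;                          /* refuse the guest request */
    }
    *bytes = (uint64_t)(num_pages - 1) * ENTRY_SIZE;
    return true;
}

int main(void)
{
    /* Constructed sample inputs standing in for guest-supplied counts. */
    const uint32_t samples[] = { 0, 1, 4, MAX_RING_PAGES + 1 };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        uint64_t bytes = 0;
        bool ok = ring_bytes_checked(samples[i], &bytes);
        printf("num_pages=%u unchecked=%llu bytes, checked=%s\n",
               (unsigned)samples[i],
               (unsigned long long)ring_bytes_unchecked(samples[i]),
               ok ? "accepted" : "rejected");
    }
    return 0;
}
```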

CVE-2021-3607: https://nvd.nist.gov/vuln/detail/CVE-2021-3607
