Wind River Support Network


LIN1021-677 : Security Advisory - qemu - CVE-2021-3607

Created: Jun 20, 2021    Updated: Mar 7, 2022
Resolved Date: Sep 27, 2021
Found In Version:
Fix Version:
Severity: Standard
Applicable for: Wind River Linux LTS 21
Component/s: Userspace


An integer overflow was found in the QEMU implementation of VMWare's paravirtual RDMA device. It could occur while handling a "PVRDMA_REG_DSRHIGH" write from the guest due to improper input validation. More specifically, the init_dev_ring() function in pvrdma_main.c does not validate the guest supplied 'num_pages' which is subsequently decremented and used in pvrdma_ring_init() to allocate dynamic memory via g_malloc(). This could result in a NULL pointer dereference issue (if g_malloc returns NULL) or allocation of large amount of memory and out-of-bounds read access. A privileged guest user could exploit this flaw to crash the QEMU process on the host, resulting in a denial of service condition.

CREATE(Triage):(User=admin) CVE-2021-3607 (


Live chat