Vulnerability - CVE-2021-3611

›

›vulnerability›CVE-2021-3611

Name

CVE-2021-3611

Source

NVD ( link)Debian ( link)

Description

A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. This flaw affects QEMU versions prior to 7.0.0.

CWEs

CWE-119 CWE-787

Published Date

May 11, 2022

Updated Date

Jun 17, 2026

Workaround

-

Advisories

https://bugzilla.redhat.com/show_bug.cgi?id=1973784Issue Tracking

https://gitlab.com/qemu-project/qemu/-/issues/542Exploit

https://security.gentoo.org/glsa/202208-27Third Party Advisory

https://security.netapp.com/advisory/ntap-20220624-0001/Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1973784Issue Tracking

https://gitlab.com/qemu-project/qemu/-/issues/542Exploit

https://security.gentoo.org/glsa/202208-27Third Party Advisory

https://security.netapp.com/advisory/ntap-20220624-0001/Third Party Advisory

Analysis#

Affected Component

Analysis

Vulnerability Ratings#

6.5

CVSSv31

2.1

CVSSv2

Others affected components#

Name

Project

Project Version

Version

Status

buildroot

2025.02.x

9.2.0

Not Affected

buildroot

master

11.0.0

Not Affected

openwrt

master

10.1.3-r2

Not Affected

openwrt

openwrt-25.12

10.1.2-r1

Not Affected

yocto

master

11.0.1

Not Affected

yocto

scarthgap

8.2.7

Not Affected

Resolved with patches#

qemu (yocto:kirkstone)

#

Title

Author

Resolve

1

pci: Let pci_dma_rw() take MemTxAttrs argument

=?utf8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>

CVE-2021-3611

2

dma: Let dma_buf_read() take MemTxAttrs argument

=?utf8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>

CVE-2021-3611

3

hw/audio/intel-hda: Do not ignore DMA overrun errors

=?utf8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>

CVE-2021-3611

4

dma: Let dma_memory_rw() take MemTxAttrs argument

=?utf8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>

CVE-2021-3611

5

pci: Let st*_pci_dma() take MemTxAttrs argument

=?utf8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>

CVE-2021-3611

6

dma: Let ld*_dma() propagate MemTxResult

=?utf8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>

CVE-2021-3611

7

dma: Let dma_memory_valid() take MemTxAttrs argument

=?utf8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>

CVE-2021-3611

8

dma: Let dma_memory_read/write() take MemTxAttrs argument

=?utf8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>

CVE-2021-3611

9

dma: Have dma_buf_rw() take a void pointer

=?utf8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>

CVE-2021-3611

10

pci: Let ld*_pci_dma() take MemTxAttrs argument

=?utf8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>

CVE-2021-3611

11

dma: Let dma_memory_set() take MemTxAttrs argument

=?utf8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>

CVE-2021-3611

12

dma: Let dma_buf_rw() take MemTxAttrs argument

=?utf8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>

CVE-2021-3611

13

dma: Let st*_dma() take MemTxAttrs argument

=?utf8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>

CVE-2021-3611

14

dma: Let dma_buf_write() take MemTxAttrs argument

=?utf8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>

CVE-2021-3611

15

hw/audio/intel-hda: Restrict DMA engine to memories (not MMIO

=?utf8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>

CVE-2021-3611

16

pci: Let st*_pci_dma() propagate MemTxResult

=?utf8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>

CVE-2021-3611

17

dma: Let st*_dma() propagate MemTxResult

=?utf8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>

CVE-2021-3611

18

dma: Let dma_memory_rw_relaxed() take MemTxAttrs argument

=?utf8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>

CVE-2021-3611

19

dma: Let dma_memory_map() take MemTxAttrs argument

=?utf8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>

CVE-2021-3611

20

dma: Let dma_buf_rw() propagate MemTxResult

=?utf8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>

CVE-2021-3611

21

dma: Let ld*_dma() take MemTxAttrs argument

=?utf8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>

CVE-2021-3611

22

dma: Have dma_buf_read() / dma_buf_write() take a void

=?utf8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>

CVE-2021-3611

23

hw/scsi/megasas: Use uint32_t for reply queue head/tail

=?utf8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>

CVE-2021-3611

24

pci: Let ld*_pci_dma() propagate MemTxResult

=?utf8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>

CVE-2021-3611