A NULL pointer dereference issue was found in the block mirror layer of QEMU in versions prior to 6.2.0. The `self` pointer is dereferenced in mirror_wait_on_conflicts() (block/mirror.c) without first checking that it is not NULL. A malicious unprivileged user within the guest could use this flaw to crash the QEMU process on the host (denial of service) once the amount of data written by the guest reaches the mirroring node's threshold. The upstream fix is the commit referenced by the signatures below; QEMU 6.2.0 and later are not affected.
{ "vanir_signatures": [ { "digest": { "function_hash": "111420676610769034413802176203666229979", "length": 765.0 }, "deprecated": false, "signature_version": "v1", "signature_type": "Function", "id": "CVE-2021-4145-0b3d3b8a", "source": "https://gitlab.com/qemu-project/qemu@66fed30c9cd11854fc878a4eceb507e915d7c9cd", "target": { "function": "mirror_wait_on_conflicts", "file": "block/mirror.c" } }, { "digest": { "line_hashes": [ "318922015838556192816489864438945311255", "207883243228566117996208701354740977517", "129441833247124108893163559685468156379", "271930729929995938552906080710242646107", "123116646464447836744365593482046772520", "10151430632489040759507122959361894067", "237221403894624056460302060588217687577", "35068563641036379331739204802122430715", "225885450527325332969300107213632380174" ], "threshold": 0.9 }, "deprecated": false, "signature_version": "v1", "signature_type": "Line", "id": "CVE-2021-4145-73199ac7", "source": "https://gitlab.com/qemu-project/qemu@66fed30c9cd11854fc878a4eceb507e915d7c9cd", "target": { "file": "block/mirror.c" } } ] }