Launchpad CVE tracker

CVE 2021-20196

A NULL pointer dereference flaw was found in the floppy disk emulator of QEMU. This issue occurs while processing read/write ioport commands if the selected floppy drive is not initialized with a block device. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.

Related bugs and status

CVE-2021-20196 (Candidate) is related to these bugs:

Bug #1912780: QEMU: Null Pointer Failure in fdctrl_read() in hw/block/fdc.c

Summary				In	Importance	Status
	1912780	QEMU: Null Pointer Failure in fdctrl_read() in hw/block/fdc.c		QEMU	High	Expired

Bug #1953338: [UBUNTU 20.04] KVM hardware diagnose data improvements for guest kernel - qemu part

		In	Importance	Status
1953338	[UBUNTU 20.04] KVM hardware diagnose data improvements for guest kernel - qemu part	qemu (Ubuntu)	Undecided	Fix Released
1953338	[UBUNTU 20.04] KVM hardware diagnose data improvements for guest kernel - qemu part	Ubuntu on IBM z Systems	High	Fix Released
1953338	[UBUNTU 20.04] KVM hardware diagnose data improvements for guest kernel - qemu part	qemu (Ubuntu Focal)	Undecided	Fix Released

Bug #1959984: [22.04 FEAT] KVM: Allow long kernel command lines for QEMU

Summary				In	Importance	Status
	1959984	[22.04 FEAT] KVM: Allow long kernel command lines for QEMU		qemu (Ubuntu)	High	Fix Released
	1959984	[22.04 FEAT] KVM: Allow long kernel command lines for QEMU		Ubuntu on IBM z Systems	High	Fix Released

Bug #2038888: [Debian] High CVE: CVE-2020-14394/CVE-2021-20196/.../CVE-2023-3301/CVE-2023-3354 qemu: multiple CVEs

Summary				In	Importance	Status
	2038888	[Debian] High CVE: CVE-2020-14394/CVE-2021-20196/.../CVE-2023-3301/CVE-2023-3354 qemu: multiple CVEs		StarlingX	High	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2021-20196

References