{"id":"CVE-2021-3507","details":"A heap buffer overflow was found in the floppy disk emulator of QEMU up to 6.0.0 (including). It could occur in fdctrl_transfer_handler() in hw/block/fdc.c while processing DMA read data transfers from the floppy drive to the guest system. A privileged guest user could use this flaw to crash the QEMU process on the host resulting in DoS scenario, or potential information leakage from the host memory.","modified":"2026-05-15T12:03:24.461737217Z","published":"2021-05-06T16:15:07.547Z","related":["ALSA-2022:7967","SUSE-SU-2022:3768-1","SUSE-SU-2023:0761-1","SUSE-SU-2023:0840-1","SUSE-SU-2023:0878-1","SUSE-SU-2023:0879-1","SUSE-SU-2023:0879-2"],"database_specific":{"unresolved_ranges":[{"source":"CPE_FIELD","cpes":["cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"10.0"}],"vendor_product":"debian:debian_linux"},{"source":"CPE_FIELD","cpes":["cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:-:*:*:*","cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:advanced_virtualization:*:*:*"],"extracted_events":[{"last_affected":"8.0"},{"last_affected":"8.0"}],"vendor_product":"redhat:enterprise_linux"}]},"references":[{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20210528-0005/"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1951118"}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L"}]}