CVE-2021-3409: 
NixOS vulnerability analysis and mitigation

The vulnerability CVE-2021-3409 was identified as an incomplete fix for previous vulnerabilities (CVE-2020-17380/CVE-2020-25085) in QEMU's SDHCI controller emulation code. The vulnerability affects QEMU versions up to and including 5.2.0, discovered in early 2021. This security flaw involves out-of-bounds read/write access issues in the SDHCI controller emulation code (NVD, OpenWall).

The vulnerability stems from an ineffective patch that was supposed to address heap buffer overflow issues in the SDHCI controller emulation. The flaw can be triggered with specially crafted input, which induces a bogus transfer and subsequent out-of-bounds read/write access in sdhcidoadma() or sdhcisdmatransfermultiblocks() functions. The vulnerability has been assigned a CVSS v3.1 base score of 5.7 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L (NVD).

When successfully exploited, this vulnerability allows a malicious privileged guest to crash the QEMU process on the host, resulting in a denial of service condition. Additionally, there is potential for code execution on the host system (CVE, NetApp Advisory).

The issue was addressed through a new patch series proposed in the QEMU project. Multiple commits were merged to fix the vulnerability, including improvements to the SDHCI controller emulation code. Users are advised to upgrade to QEMU versions that include these fixes (OpenWall, Debian Advisory).