CVE-2021-3582: 
NixOS vulnerability analysis and mitigation

A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device (CVE-2021-3582). The vulnerability was discovered in the handling of 'PVRDMACMDCREATE_MR' command due to improper memory remapping (mremap). The issue affects QEMU versions prior to 2.17.2 (NVD, Debian Tracker).

The vulnerability exists in pvrdmamaptopdir() function in hw/rdma/vmw/pvrdmacmd.c. The flaw occurs while handling a 'PVRDMACMDCREATEMR' command through createmr() handler. The issue stems from mremap() being called repeatedly in a while loop without properly checking whether the location of the new mapping exceeds a previously remapped memory region (Red Hat Bugzilla). The vulnerability has been assigned a CVSS v3.1 base score of 6.5 (MEDIUM) with the vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H (NVD).

The highest threat from this vulnerability is to system availability. When successfully exploited, this flaw allows a malicious guest to crash the QEMU process on the host, resulting in a denial of service (DoS) (NVD, NetApp Advisory).

The vulnerability has been fixed in QEMU version 2.17.2. Users are advised to upgrade their QEMU installations to this version or later. For systems where immediate upgrade is not possible, no alternative workarounds are currently available (Gentoo Security).