CVE-2021-3607: 
NixOS vulnerability analysis and mitigation

An integer overflow vulnerability (CVE-2021-3607) was discovered in the QEMU implementation of VMWare's paravirtual RDMA device. The vulnerability was found in QEMU versions prior to 6.1.0 and affects Ubuntu 20.04 LTS, Ubuntu 20.10, and Ubuntu 21.04 systems (Ubuntu Notice, Red Hat Bugzilla).

The vulnerability occurs while handling a 'PVRDMAREGDSRHIGH' write from the guest due to improper input validation. Specifically, the initdevring() function in pvrdmamain.c does not validate the guest-supplied 'numpages' parameter, which is subsequently decremented and used in pvrdmaringinit() to allocate dynamic memory via gmalloc(). This could result in a NULL pointer dereference issue or allocation of large amounts of memory and out-of-bounds read access ([Red Hat Bugzilla](https://bugzilla.redhat.com/showbug.cgi?id=1973349)).

The vulnerability has been assigned a CVSS score of 3.2 (LOW) with the vector CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L. When successfully exploited, it could lead to a denial of service condition by causing the QEMU process to crash on the host (NetApp Security).

A patch was released to fix the vulnerability by ensuring correct input validation on ring initialization. The fix includes checking that the guest passed a non-zero page count for pvrdma device ring buffers. Users should upgrade to QEMU version 6.1.0 or later to address this vulnerability (GNU Patch).