CVE-2021-3611: 
NixOS vulnerability analysis and mitigation

A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU (CVE-2021-3611). The vulnerability affects QEMU versions prior to 7.0.0, where a malicious guest could crash the QEMU process on the host, resulting in a denial of service condition (NVD, CVE). The vulnerability was introduced in QEMU version 5.0.0 and was discovered in June 2021 (RedHat Bugzilla).

The vulnerability is classified as a stack overflow in the Intel HD Audio device emulation. It has a CVSS v3.1 base score of 6.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H. The issue manifests when processing DMA operations through the intel-hda device, specifically in the ldlledma function call chain (QEMU Issue). The vulnerability is categorized as CWE-787 (Out-of-bounds Write) and CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) (NVD).

The primary impact of this vulnerability is on system availability. When successfully exploited, it allows a malicious guest to crash the QEMU process on the host, resulting in a denial of service condition. The vulnerability affects the system's availability while maintaining no impact on confidentiality or integrity (NetApp Advisory).

The vulnerability was fixed in QEMU version 7.0.0. Users are advised to upgrade to QEMU version 7.0.0 or later to address this security issue. For systems that cannot be immediately upgraded, no alternative workarounds are currently available (Gentoo Security).