← Back

CVE-2021-3748

nvd nist
Published: Mar 23, 2022Modified: Nov 21, 2024

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Exploitability: 0.8 / Impact: 6.0
Source: NVD

Description

A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non direct access region, due to num_buffers being set after the virtqueue elem has been unmapped. A malicious guest could use this flaw to crash QEMU, resulting in a denial of service condition, or potentially execute code on the host with the privileges of the QEMU process.

Affected (9)

Products: Qemu: Qemu · Debian: Debian Linux · Canonical: Ubuntu Linux · +2 more
Show all products
Qemu: Qemu · Debian: Debian Linux · Canonical: Ubuntu Linux · Fedoraproject: Fedora · Redhat: Enterprise Linux, Enterprise Linux Advanced Virtualization Eus
Qemu
1 product
Qemu
Debian
1 product
Debian Linux
Canonical
1 product
Ubuntu Linux
Fedoraproject
1 product
Fedora
Redhat
2 products
Enterprise Linux
Enterprise Linux Advanced Virtualization Eus
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Qemu
From 0.10.0 to 6.2.0
Configuration B
2 vulnerable
Vulnerable SoftwareAffected Versions
Debian
Debian Linux
Version 10.0
Debian Linux
Version 9.0
Configuration C
3 vulnerable
Vulnerable SoftwareAffected Versions
Canonical
Ubuntu Linux
Version 18.04
Ubuntu Linux
Version 20.04
Ubuntu Linux
Version 21.10
Configuration D
1 vulnerable
Vulnerable SoftwareAffected Versions
Fedora
Version 34
Configuration E
2 vulnerable
Vulnerable SoftwareAffected Versions
Enterprise Linux
Version 8.0
Enterprise Linux Advanced Virtualization Eus
Version 8.4

Related CWEs

CWE-416
Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

References (16)

Source: secalert@redhat.com
Issue TrackingPatchThird Party Advisory
Source: secalert@redhat.com
PatchThird Party Advisory
Source: secalert@redhat.com
Mailing ListThird Party Advisory
Source: secalert@redhat.com
Mailing ListThird Party Advisory
Source: secalert@redhat.com
Mailing ListPatchThird Party Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingPatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListPatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory

Timeline

No history available yet.