CVE-2021-3748
QEMU: virtio-net: heap use-after-free in virtio_net_receive_rcu
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non direct access region, due to num_buffers being set after the virtqueue elem has been unmapped. A malicious guest could use this flaw to crash QEMU, resulting in a denial of service condition, or potentially execute code on the host with the privileges of the QEMU process.
Se ha encontrado una vulnerabilidad de uso de memoria previamente liberada en el dispositivo virtio-net de QEMU. Podría ocurrir cuando la dirección del descriptor pertenece a la región de acceso no directo, debido a que num_buffers es establecido después de que el elemento virtqueue haya sido desmapeado. Un huésped malicioso podría usar este fallo para bloquear QEMU, resultando en una condición de denegación de servicio, o potencialmente ejecutar código en el host con los privilegios del proceso QEMU
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-08-30 CVE Reserved
- 2021-10-28 CVE Published
- 2023-06-28 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-416: Use After Free
CAPEC
References (9)
URL | Tag | Source |
---|---|---|
https://lists.debian.org/debian-lts-announce/2022/04/msg00002.html | Mailing List | |
https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html | Mailing List | |
https://security.netapp.com/advisory/ntap-20220425-0004 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1998514 | 2022-05-10 | |
https://github.com/qemu/qemu/commit/bedd7e93d01961fcb16a97ae45d93acf357e11f6 | 2023-01-03 | |
https://lists.nongnu.org/archive/html/qemu-devel/2021-09/msg00388.html | 2023-01-03 | |
https://ubuntu.com/security/CVE-2021-3748 | 2023-01-03 |
URL | Date | SRC |
---|---|---|
https://security.gentoo.org/glsa/202208-27 | 2023-01-03 | |
https://access.redhat.com/security/cve/CVE-2021-3748 | 2022-05-10 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Qemu Search vendor "Qemu" | Qemu Search vendor "Qemu" for product "Qemu" | >= 0.10.0 < 6.2.0 Search vendor "Qemu" for product "Qemu" and version " >= 0.10.0 < 6.2.0" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 18.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04" | lts |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 20.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "20.04" | lts |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 21.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "21.10" | - |
Affected
| ||||||
Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 34 Search vendor "Fedoraproject" for product "Fedora" and version "34" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 8.0 Search vendor "Redhat" for product "Enterprise Linux" and version "8.0" | advanced_virtualization |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Advanced Virtualization Eus Search vendor "Redhat" for product "Enterprise Linux Advanced Virtualization Eus" | 8.4 Search vendor "Redhat" for product "Enterprise Linux Advanced Virtualization Eus" and version "8.4" | - |
Affected
|