CVE-2021-3682
Advisory lineage Upstream: 0 Downstream: 22
Modified
Published: 05 Aug 2021, 19:51
Last modified:03 Aug 2024, 17:01
Vulnerability Summary
Overall Risk (default)
medium
34/100 CVSS Score
8.5 HIGH
v3.1 (nvd)
EPSS Score
0.48% LOW
0% probability -0.01%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
05 Aug 2021, 19:51
Published
Vulnerability first disclosed
03 Aug 2024, 17:01
Last Modified
Vulnerability information updated
Description
A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. It occurs when dropping packets during a bulk transfer from a SPICE client due to the packet queue being full. A malicious SPICE client could use this flaw to make QEMU call free() with faked heap chunk metadata, resulting in a crash of QEMU or potential code execution with the privileges of the QEMU process on the host.
CVSS Metrics
- v3.1•HIGH•Score: 8.5CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
- v2.0•MEDIUM•Score: 6AV:N/AC:M/Au:S/C:P/I:P/A:P
EPSS Trends
Current EPSS score: 0.48%• Percentile: 65%
Techniques & Countermeasures
- CWE-763•Release of Invalid Pointer or Reference
The product attempts to return a memory resource to the system, but it calls the wrong release function or calls the appropriate release function incorrectly.
Affected Systems
- debian•debian_linux
9.0 | 10.0 | 11.0
- qemu•qemu
< 6.1.0 | 6.1.0:rc1
- redhat•enterprise_linux
8.0
References (6)
- https://bugzilla.redhat.com/show_bug.cgi?id=1989651
- https://security.netapp.com/advisory/ntap-20210902-0006/
- https://lists.debian.org/debian-lts-announce/2021/09/msg00000.html
- https://www.debian.org/security/2021/dsa-4980
- https://security.gentoo.org/glsa/202208-27
- https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html