CVE-2021-3713
Advisory lineage Upstream: 0 Downstream: 18
Modified
Published: 25 Aug 2021, 18:40
Last modified:03 Aug 2024, 17:01
Vulnerability Summary
Overall Risk (default)
medium
30/100 CVSS Score
7.4 HIGH
v3.1 (nvd)
EPSS Score
0.1% LOW
0% probability +0.07%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
25 Aug 2021, 18:40
Published
Vulnerability first disclosed
03 Aug 2024, 17:01
Last Modified
Vulnerability information updated
Description
An out-of-bounds write flaw was found in the UAS (USB Attached SCSI) device emulation of QEMU in versions prior to 6.2.0-rc0. The device uses the guest supplied stream number unchecked, which can lead to out-of-bounds access to the UASDevice->data3 and UASDevice->status3 fields. A malicious guest user could use this flaw to crash QEMU or potentially achieve code execution with the privileges of the QEMU process on the host.
CVSS Metrics
- v3.1•HIGH•Score: 7.4CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
- v2.0•MEDIUM•Score: 4.6AV:L/AC:L/Au:N/C:P/I:P/A:P
EPSS Trends
Current EPSS score: 0.10%• Percentile: 28%
Techniques & Countermeasures
- CWE-787•Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.
Affected Systems
- debian•debian_linux
9.0 | 10.0 | 11.0
- qemu•qemu
≤ 6.1.0
References (6)
- https://bugzilla.redhat.com/show_bug.cgi?id=1994640
- https://lists.debian.org/debian-lts-announce/2021/09/msg00000.html
- https://security.netapp.com/advisory/ntap-20210923-0006/
- https://www.debian.org/security/2021/dsa-4980
- https://security.gentoo.org/glsa/202208-27
- https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html