CVE-2021-3748

Name
CVE-2021-3748
Description
A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non direct access region, due to num_buffers being set after the virtqueue elem has been unmapped. A malicious guest could use this flaw to crash QEMU, resulting in a denial of service condition, or potentially execute code on the host with the privileges of the QEMU process.
NVD Severity
high
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://github.com/qemu/qemu/commit/bedd7e93d01961fcb16a97ae45d93acf357e11f6
MISC https://ubuntu.com/security/CVE-2021-3748
MISC https://bugzilla.redhat.com/show_bug.cgi?id=1998514
MISC https://lists.nongnu.org/archive/html/qemu-devel/2021-09/msg00388.html
MLIST https://lists.debian.org/debian-lts-announce/2022/04/msg00002.html
Third Party Advisory https://security.netapp.com/advisory/ntap-20220425-0004/

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:* qemu >= 0.10.0 < 6.2.0

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
qemu 3.15-community 6.1.1-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable