CVE-2021-3392: Use After Free
First published: Tue Feb 02 2021(Updated: )
A use-after-free flaw was found in the MegaRAID emulator of QEMU. This issue occurs while processing SCSI I/O requests in the case of an error mptsas_free_request() that does not dequeue the request object 'req' from a pending requests queue. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. Versions between 2.10.0 and 5.2.0 are potentially affected.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/qemu | <6.0.0 | 6.0.0 |
| QEMU KVM | >=2.10.0<=5.2.0 | |
| Fedoraproject Fedora | =33 | |
| Debian GNU/Linux | =9.0 | |
| Debian GNU/Linux | =10.0 | |
| Fedora | =33 | |
| Debian | =9.0 | |
| Debian | =10.0 | |
| debian/qemu | 1:5.2+dfsg-11+deb11u3 1:5.2+dfsg-11+deb11u2 1:7.2+dfsg-7+deb12u12 1:9.2.1+ds-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugs.launchpad.net/qemu/+bug/1914236
- https://bugzilla.redhat.com/show_bug.cgi?id=1924042
- https://lists.debian.org/debian-lts-announce/2021/04/msg00009.html
- https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html
- https://security.netapp.com/advisory/ntap-20210507-0001/
- https://launchpad.net/bugs/cve/CVE-2021-3392
- https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg00488.html
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1924043
- https://access.redhat.com/security/cve/cve-2021-3392
- https://git.qemu.org/?p=qemu.git;a=commit;h=3791642c8d60029adf9b00bcb4e34d7d8a1aea4d
- https://security-tracker.debian.org/tracker/CVE-2021-3392
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3392
- https://nvd.nist.gov/vuln/detail/CVE-2021-3392
- https://ubuntu.com/security/CVE-2021-3392
Frequently Asked Questions
What is CVE-2021-3392?
CVE-2021-3392 is a use-after-free flaw found in the MegaRAID emulator of QEMU.
How does CVE-2021-3392 affect QEMU?
CVE-2021-3392 affects QEMU by causing a crash when processing SCSI I/O requests in the case of an error.
What is the severity of CVE-2021-3392?
The severity of CVE-2021-3392 is low with a CVSS score of 3.2.
How can I fix CVE-2021-3392 in QEMU?
To fix CVE-2021-3392 in QEMU, update to version 6.0.0 or apply the provided security patches by the respective vendors.
Where can I find more information about CVE-2021-3392?
More information about CVE-2021-3392 can be found on the MITRE CVE website, the QEMU-devel mailing list, and the Ubuntu Security Notices website.
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2021-3392
- agent/software-canonical-lookup
- agent/severity
- agent/weakness
- collector/mitre-cve
- source/MITRE
- collector/usn-cve
- source/Ubuntu
- agent/remedy
- agent/references
- agent/description
- agent/trending
- agent/last-modified-date
- agent/source
- agent/event
- agent/author
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/tags
- agent/softwarecombine
- collector/security-tracker-debian
- source/Debian
- package-manager/redhat
- vendor/qemu
- canonical/qemu kvm
- version/qemu kvm/2.10.0
- version/qemu kvm/5.2.0
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/33
- vendor/debian
- canonical/debian gnu/linux
- version/debian gnu/linux/9.0
- version/debian gnu/linux/10.0
- canonical/fedora
- version/fedora/33
- canonical/debian
- version/debian/9.0
- version/debian/10.0
- package-manager/debian