First published: Fri Aug 27 2021(Updated: )
A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non direct access region, due to num_buffers being set after the virtqueue elem has been unmapped. A malicious guest could use this flaw to crash QEMU, resulting in a denial of service condition, or potentially execute code on the host with the privileges of the QEMU process.
Credit: secalert@redhat.com secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
QEMU qemu | >=0.10.0<6.2.0 | |
Debian Debian Linux | =9.0 | |
Debian Debian Linux | =10.0 | |
Canonical Ubuntu Linux | =18.04 | |
Canonical Ubuntu Linux | =20.04 | |
Canonical Ubuntu Linux | =21.10 | |
Fedoraproject Fedora | =34 | |
Redhat Enterprise Linux | =8.0 | |
Redhat Enterprise Linux Advanced Virtualization Eus | =8.4 | |
redhat/qemu-kvm | <6.2.0 | 6.2.0 |
debian/qemu | 1:5.2+dfsg-11+deb11u3 1:5.2+dfsg-11+deb11u2 1:7.2+dfsg-7+deb12u7 1:9.1.2+ds-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this use-after-free vulnerability is CVE-2021-3748.
The severity level of CVE-2021-3748 is high with a severity value of 7.5.
The affected software includes QEMU, qemu-kvm, Debian Linux, Ubuntu Linux, Fedora, and Red Hat Enterprise Linux.
A malicious guest can exploit CVE-2021-3748 to crash QEMU by causing a use-after-free vulnerability in the virtio-net device.
You can find more information about CVE-2021-3748 on the QEMU mailing list and GitLab repositories.