CVE-2021-3392: Use After Free in Qemu

CWE-416: Use After Free | 8 documents | 7 sources

Severity: 3.2 LOW (NVD) | OSV: 2.3
EPSS: 0.0% (top 92.63%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 23 | Latest update May 24

Description

A use-after-free flaw was found in the MegaRAID emulator of QEMU. This issue occurs while processing SCSI I/O requests: in the case of an error, mptsas_free_request() does not dequeue the request object 'req' from a pending requests queue. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. Versions between 2.10.0 and 5.2.0 are potentially affected.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L
Exploitability: 1.5 | Impact: 1.4

Affected Packages (9 packages)

Source | Package | Affected versions
debian | debian/qemu | < qemu 1:5.2+dfsg-10 (bookworm)
Debian | qemu/qemu | < 1:5.2+dfsg-10+3
Ubuntu | qemu/qemu | < 1:2.11+dfsg-1ubuntu7.37+1
NVD | qemu/qemu | 2.10.0 - 5.2.0
CVEListV5 | qemu/qemu | between 2.10.0 and 5.2.0

Also affects: Debian Linux 10.0, 9.0, Fedora 33

🔴 Vulnerability Details (3)

GHSA | GHSA-466h-jr37-234f: A use-after-free flaw was found in the MegaRAID emulator of QEMU | 2022-05-24
OSV | qemu vulnerabilities | 2021-07-15
OSV | CVE-2021-3392: A use-after-free flaw was found in the MegaRAID emulator of QEMU | 2021-03-23

📋 Vendor Advisories (4)

Ubuntu | QEMU vulnerabilities | 2021-07-15
Microsoft | A use-after-free flaw was found in the MegaRAID emulator of QEMU. This issue occurs while processing SCSI I/O requests in the case of an error mptsas_free_request() that does not dequeue the request o | 2021-03-09
Red Hat | QEMU: scsi: mptsas: use-after-free while processing io requests | 2021-02-02
Debian | CVE-2021-3392: qemu - A use-after-free flaw was found in the MegaRAID emulator of QEMU. This issue occ... | 2021