CVE-2021-3682 — Release of Invalid Pointer or Reference in Qemu

CWE-763 — Release of Invalid Pointer or Reference11 documents8 sources

Severity

8.5HIGHNVD

OSV6.5

EPSS

0.4%

top 38.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Qemu Debian Qemu Debian Linux +7 more

Timeline

PublishedAug 5

Latest updateDec 27

Description

A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. It occurs when dropping packets during a bulk transfer from a SPICE client due to the packet queue being full. A malicious SPICE client could use this flaw to make QEMU call free() with faked heap chunk metadata, resulting in a crash of QEMU or potential code execution with the privileges of the QEMU process on the host.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 1.8 | Impact: 6.0

Affected Packages11 packages

▶NVDqemu/qemu< 6.1.0+1

▶debiandebian/qemu< qemu 1:6.0+dfsg-3 (bookworm)

▶Debianqemu/qemu< 1:5.2+dfsg-11+deb11u1+3

▶Ubuntuqemu/qemu< 1:2.11+dfsg-1ubuntu7.39+6

▶CVEListV5qemu/qemuqemu 6.1.0-rc2

Also affects: Debian Linux 10.0, 11.0, 9.0, Enterprise Linux 8.0

Patches

Patch: bugzilla.redhat.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

OSV

qemu vulnerabilities↗2022-12-12

▶

GHSA

GHSA-2w4j-r5v6-3vgr: A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6↗2022-05-24

▶

OSV

qemu vulnerabilities↗2022-02-28

▶

OSV

CVE-2021-3682: A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6↗2021-08-05

▶

📋Vendor Advisories

Ubuntu

QEMU vulnerabilities↗2022-12-12

▶

Ubuntu

QEMU vulnerabilities↗2022-02-28

▶

Microsoft

▶

Red Hat

QEMU: usbredir: free() call on invalid pointer in bufp_alloc()↗2021-07-19

▶

Debian

CVE-2021-3682: qemu - A flaw was found in the USB redirector device emulation of QEMU in versions prio...↗2021

▶

📄Research Papers

arXiv

Breaking Isolation: A New Perspective on Hypervisor Exploitation via Cross-Domain Attacks↗2025-12-27

▶