CVE-2021-3682: A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. It occurs when dropping packets during a bulk transfer from a…

CVE-2021-3682 [HIGH] QEMU vulnerabilities Title: QEMU vulnerabilities Summary: Several security issues were fixed in QEMU. It was discovered that QEMU incorrectly handled bulk transfers from SPICE clients. A remote attacker could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2021-3682) It was discovered that QEMU did not properly manage memory when it transfers the USB packets. A malicious guest attacker could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2021-3750) It was discovered that the QEMU SCSI device emulation incorrectly handled certain MOD

CVE-2021-3544 [MEDIUM] QEMU vulnerabilities Title: QEMU vulnerabilities Summary: Several security issues were fixed in QEMU. Gaoning Pan discovered that QEMU incorrectly handled the floppy disk emulator. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2021-20196) Gaoning Pan discovered that the QEMU vmxnet3 NIC emulator incorrectly handled certain values. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2021-20203) It was discovered that the QEMU vhost-user GPU device contained several security issues. An attacker inside the guest could use these issues to cause QEMU to crash, resulting in a denial of service, leak sensitive information, or possibly execute arbitrary code. This issue only affected Ubun

CVE-2021-3682 [HIGH] CWE-763 A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. It occurs when dropping packets during a bulk transfer from a SPICE client due to the packet queue being A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. It occurs when dropping packets during a bulk transfer from a SPICE client due to the packet queue being full. A malicious SPICE client could use this flaw to make QEMU call free() with faked heap chunk metadata resulting in a crash of QEMU or potential code execution with the privileges of the QEMU process on the host. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. M

CVE-2021-3682 [HIGH] CWE-763 QEMU: usbredir: free() call on invalid pointer in bufp_alloc() QEMU: usbredir: free() call on invalid pointer in bufp_alloc() A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. It occurs when dropping packets during a bulk transfer from a SPICE client due to the packet queue being full. A malicious SPICE client could use this flaw to make QEMU call free() with faked heap chunk metadata, resulting in a crash of QEMU or potential code execution with the privileges of the QEMU process on the host. A flaw was found in the USB redirector device emulation of QEMU. It occurs when dropping packets during a bulk transfer from a SPICE client due to the packet queue being full. A malicious SPICE client could use this flaw to make QEMU call free() with faked heap chunk metadata, resulting in a crash of QEMU or potent

CVE-2021-3682 [HIGH] CVE-2021-3682: qemu - A flaw was found in the USB redirector device emulation of QEMU in versions prio... A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. It occurs when dropping packets during a bulk transfer from a SPICE client due to the packet queue being full. A malicious SPICE client could use this flaw to make QEMU call free() with faked heap chunk metadata, resulting in a crash of QEMU or potential code execution with the privileges of the QEMU process on the host. Scope: local bookworm: resolved (fixed in 1:6.0+dfsg-3) bullseye: resolved (fixed in 1:5.2+dfsg-11+deb11u1) forky: resolved (fixed in 1:6.0+dfsg-3) sid: resolved (fixed in 1:6.0+dfsg-3) trixie: resolved (fixed in 1:6.0+dfsg-3)

CVE-2021-3682 [HIGH] qemu vulnerabilities qemu vulnerabilities It was discovered that QEMU incorrectly handled bulk transfers from SPICE clients. A remote attacker could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2021-3682) It was discovered that QEMU did not properly manage memory when it transfers the USB packets. A malicious guest attacker could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2021-3750) It was discovered that the QEMU SCSI device emulation incorrectly handled certain MODE SELECT commands. An attacker inside the guest could possibl

CVE-2021-3682 [CRITICAL] CWE-763 GHSA-2w4j-r5v6-3vgr: A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6 A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. It occurs when dropping packets during a bulk transfer from a SPICE client due to the packet queue being full. A malicious SPICE client could use this flaw to make QEMU call free() with faked heap chunk metadata, resulting in a crash of QEMU or potential code execution with the privileges of the QEMU process on the host.

CVE-2021-20196 [MEDIUM] qemu vulnerabilities qemu vulnerabilities Gaoning Pan discovered that QEMU incorrectly handled the floppy disk emulator. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2021-20196) Gaoning Pan discovered that the QEMU vmxnet3 NIC emulator incorrectly handled certain values. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2021-20203) It was discovered that the QEMU vhost-user GPU device contained several security issues. An attacker inside the guest could use these issues to cause QEMU to crash, resulting in a denial of service, leak sensitive information, or possibly execute arbitrary code. This issue only affected Ubuntu 21.10. (CVE-2021-3544, CVE-2021-3545, CVE-2021-3546) It w

CVE-2021-3682 [HIGH] CVE-2021-3682: A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6 A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. It occurs when dropping packets during a bulk transfer from a SPICE client due to the packet queue being full. A malicious SPICE client could use this flaw to make QEMU call free() with faked heap chunk metadata, resulting in a crash of QEMU or potential code execution with the privileges of the QEMU process on the host.

Breaking Isolation: A New Perspective on Hypervisor Exploitation via Cross-Domain Attacks Breaking Isolation: A New Perspective on Hypervisor Exploitation via Cross-Domain Attacks Gaoning Pan12, Yiming Tao3, Qinying Wang43, Chunming Wu3, Mingde Hu12, Yizhi Ren12 , Shouling Ji3 1Hangzhou Dianzi University, 3Zhejiang University, 4EPFL 2Zhejiang Provincial Key Laboratory of Sensitive Data Security and Confidentiality Governance Email: \pgn, 20227001, renyz\@hdu.edu.cn, \taoym, wuchunming, sji\@zju.edu.cn, [email protected] Corresponding Author: Yizhi Ren ([email protected]) \@IEEEpubidpullup6.5 Network and Distributed System Security (NDSS) Symposium 2026 23 - 27 February 2026 , San Diego, CA, USA ISBN 979-8-9919276-8-0 https://dx.doi.org/10.14722/ndss.2026.240376 www.ndss-symposium.org [ ] ## Abstract Hypervisors are under threat by critical memory safety vulnerab