CVE-2021-3713: Out-of-bounds Write in QEMU

Severity: 7.4 HIGH (NVD); OSV: 6.5
EPSS: 0.0% (top 90.47%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Aug 25; Latest update May 24

Description

An out-of-bounds write flaw was found in the UAS (USB Attached SCSI) device emulation of QEMU in versions prior to 6.2.0-rc0. The device uses the guest-supplied stream number without checking it, which can lead to out-of-bounds access to the UASDevice->data3 and UASDevice->status3 fields. A malicious guest user could use this flaw to crash QEMU or potentially achieve code execution with the privileges of the QEMU process on the host.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Exploitability: 0.7 | Impact: 6.0

Affected Packages (11 packages)

debian: debian/qemu < qemu 1:6.1+dfsg-2 (bookworm)
Debian: qemu/qemu < 1:5.2+dfsg-11+deb11u1+3
Ubuntu: qemu/qemu < 1:2.11+dfsg-1ubuntu7.39+1
NVD: qemu/qemu 6.1.0
CVEListV5: qemu/qemu, qemu 6.2.0-rc0

Also affects: Debian Linux 10.0, 11.0, 9.0

Patches

Vulnerability Details (3)

GHSA: GHSA-q4w6-2g7p-pr2c: An out-of-bounds write flaw was found in the UAS (USB Attached SCSI) device emulation of QEMU in versions prior to 6 (2022-05-24)
OSV: qemu vulnerabilities (2022-02-28)
OSV: CVE-2021-3713: An out-of-bounds write flaw was found in the UAS (USB Attached SCSI) device emulation of QEMU in versions prior to 6 (2021-08-25)

Vendor Advisories (4)

Ubuntu: QEMU vulnerabilities (2022-02-28)
Red Hat: QEMU: out-of-bounds write in UAS (USB Attached SCSI) device emulation (2021-08-17)
Microsoft: An out-of-bounds write flaw was found in the UAS (USB Attached SCSI) device emulation of QEMU in versions prior to 6.2.0-rc0. The device uses the guest supplied stream number unchecked which can lead (2021-08-10)
Debian: CVE-2021-3713: qemu - An out-of-bounds write flaw was found in the UAS (USB Attached SCSI) device emul... (2021)