CVE-2021-3748
Published 2022-03-23
High · 7.5 · CVSS 3.1
AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non direct access region, due to num_buffers being set after the virtqueue elem has been unmapped. A malicious guest could use this flaw to crash QEMU, resulting in a denial of service condition, or potentially execute code on the host with the privileges of the QEMU process.
Affected
32 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | qemu | < qemu 1:6.1+dfsg-6 (bookworm) | qemu 1:6.1+dfsg-6 (bookworm) |
| debian | qemu | < qemu 1:7.0+dfsg-1 (bookworm) | qemu 1:7.0+dfsg-1 (bookworm) |
| fedoraproject | fedora | — | — |
| msrc | azl3_qemu_6.2.0-18_on_azure_linux_3.0 | — | — |
| msrc | azure_linux_3.0_arm | — | — |
| msrc | azure_linux_3.0_x64 | — | — |
| msrc | cbl2_qemu_6.2.0-2_on_cbl_mariner_2.0 | — | — |
| msrc | cbl_mariner_1.0_arm | — | — |
| msrc | cbl_mariner_1.0_x64 | — | — |
| msrc | cbl_mariner_2.0_arm | — | — |
| msrc | cbl_mariner_2.0_x64 | — | — |
| msrc | cm1_qemu-kvm_4.2.0-39_on_cbl_mariner_1.0 | — | — |
| qemu | qemu | — | — |
| qemu | qemu | >= 0 < 1:5.2+dfsg-11+deb11u2 | 1:5.2+dfsg-11+deb11u2 |
| qemu | qemu | >= 0 < 1:5.2+dfsg-11+deb11u1 | 1:5.2+dfsg-11+deb11u1 |
| qemu | qemu | >= 0 < 1:7.0+dfsg-1 | 1:7.0+dfsg-1 |
| qemu | qemu | >= 0 < 1:6.1+dfsg-6 | 1:6.1+dfsg-6 |
| qemu | qemu | >= 0 < 1:7.0+dfsg-1 | 1:7.0+dfsg-1 |
| qemu | qemu | >= 0 < 1:6.1+dfsg-6 | 1:6.1+dfsg-6 |
CVSS provenance
nvd · v3.1 · 7.5 · HIGH · CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
osv · 7.5 · HIGH
Microsoft
vendor_msrc·2022-03-08·CVSS 7.5
CVE-2022-26353 [HIGH] CWE-772 A flaw was found in the virtio-net device of QEMU. This flaw was inadvertently introduced with the fix for CVE-2021-3748 which forgot to unmap the cached virtqueue elements on error leading to memory
A flaw was found in the virtio-net device of QEMU. This flaw was inadvertently introduced with the fix for CVE-2021-3748 which forgot to unmap the cached virtqueue elements on error leading to memory leakage and other unexpected results. Affected QEMU version: 6.2.0.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information.
Red Hat
QEMU: virtio-net: map leaking on error during receive
vendor_redhat·2022-03-08·CVSS 7.5
CVE-2022-26353 [HIGH] CWE-772 QEMU: virtio-net: map leaking on error during receive
A flaw was found in the virtio-net device of QEMU. This flaw was inadvertently introduced with the fix for CVE-2021-3748, which forgot to unmap the cached virtqueue elements on error, leading to memory leakage and other unexpected results. Affected QEMU version: 6.2.0.
A flaw was found in the virtio-net device of QEMU. This flaw was inadvertently introduced with the fix for CVE-2021-3748, which forgot to unmap the cached virtqueue elements on error, leading to memory leakage, use-after-free or other unexpected results. A malicious privileged guest could exploit this issue to crash QEMU or potentially execute arbitrary code within the context of the QEMU process on the host.
Statement: This issue affects the versions of `qemu-kvm` as
Microsoft
vendor_msrc·2022-03-08·CVSS 7.5
CVE-2021-3748 [HIGH] CWE-416 A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non direct access region due to num_buffers being set after the v
A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non direct access region due to num_buffers being set after the virtqueue elem has been unmapped. A malicious guest could use this flaw to crash QEMU resulting in a denial of service condition or potentially execute code on the host with the privileges of the QEMU process.
Ubuntu
QEMU vulnerabilities
vendor_ubuntu·2022-02-28·CVSS 6.5
CVE-2021-3544 [MEDIUM] QEMU vulnerabilities
Title: QEMU vulnerabilities
Summary: Several security issues were fixed in QEMU.
Gaoning Pan discovered that QEMU incorrectly handled the floppy disk
emulator. An attacker inside the guest could use this issue to cause QEMU
to crash, resulting in a denial of service. (CVE-2021-20196)
Gaoning Pan discovered that the QEMU vmxnet3 NIC emulator incorrectly
handled certain values. An attacker inside the guest could use this issue
to cause QEMU to crash, resulting in a denial of service. (CVE-2021-20203)
It was discovered that the QEMU vhost-user GPU device contained several
security issues. An attacker inside the guest could use these issues to
cause QEMU to crash, resulting in a denial of service, leak sensitive
information, or possibly execute arbitrary code. This issue only affected
Ubun
Debian
CVE-2022-26353: qemu - A flaw was found in the virtio-net device of QEMU. This flaw was inadvertently i...
vendor_debian·2022·CVSS 7.5
CVE-2022-26353 [HIGH] CVE-2022-26353: qemu - A flaw was found in the virtio-net device of QEMU. This flaw was inadvertently i...
A flaw was found in the virtio-net device of QEMU. This flaw was inadvertently introduced with the fix for CVE-2021-3748, which forgot to unmap the cached virtqueue elements on error, leading to memory leakage and other unexpected results. Affected QEMU version: 6.2.0.
Scope: local
bookworm: resolved (fixed in 1:7.0+dfsg-1)
bullseye: resolved (fixed in 1:5.2+dfsg-11+deb11u2)
forky: resolved (fixed in 1:7.0+dfsg-1)
sid: resolved (fixed in 1:7.0+dfsg-1)
trixie: resolved (fixed in 1:7.0+dfsg-1)
Red Hat
QEMU: virtio-net: heap use-after-free in virtio_net_receive_rcu
vendor_redhat·2021-08-27·CVSS 7.5
CVE-2021-3748 [HIGH] CWE-416 QEMU: virtio-net: heap use-after-free in virtio_net_receive_rcu
A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non direct access region, due to num_buffers being set after the virtqueue elem has been unmapped. A malicious guest could use this flaw to crash QEMU, resulting in a denial of service condition, or potentially execute code on the host with the privileges of the QEMU process.
Debian
CVE-2021-3748: qemu - A use-after-free vulnerability was found in the virtio-net device of QEMU. It co...
vendor_debian·2021·CVSS 7.5
CVE-2021-3748 [HIGH] CVE-2021-3748: qemu - A use-after-free vulnerability was found in the virtio-net device of QEMU. It co...
A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non direct access region, due to num_buffers being set after the virtqueue elem has been unmapped. A malicious guest could use this flaw to crash QEMU, resulting in a denial of service condition, or potentially execute code on the host with the privileges of the QEMU process.
Scope: local
bookworm: resolved (fixed in 1:6.1+dfsg-6)
bullseye: resolved (fixed in 1:5.2+dfsg-11+deb11u1)
forky: resolved (fixed in 1:6.1+dfsg-6)
sid: resolved (fixed in 1:6.1+dfsg-6)
trixie: resolved (fixed in 1:6.1+dfsg-6)
GHSA
GHSA-4f87-mww8-gm8x: A use-after-free vulnerability was found in the virtio-net device of QEMU
ghsa_unreviewed·2022-03-24
CVE-2021-3748 [HIGH] CWE-416 GHSA-4f87-mww8-gm8x: A use-after-free vulnerability was found in the virtio-net device of QEMU
A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non direct access region, due to num_buffers being set after the virtqueue elem has been unmapped. A malicious guest could use this flaw to crash QEMU, resulting in a denial of service condition, or potentially execute code on the host with the privileges of the QEMU process.
OSV
CVE-2021-3748: A use-after-free vulnerability was found in the virtio-net device of QEMU
osv·2022-03-23·CVSS 7.5
CVE-2021-3748 [HIGH] CVE-2021-3748: A use-after-free vulnerability was found in the virtio-net device of QEMU
A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non direct access region, due to num_buffers being set after the virtqueue elem has been unmapped. A malicious guest could use this flaw to crash QEMU, resulting in a denial of service condition, or potentially execute code on the host with the privileges of the QEMU process.
GHSA
GHSA-xrwp-4qvv-59wr: A flaw was found in the virtio-net device of QEMU
ghsa_unreviewed·2022-03-17·CVSS 7.5
CVE-2022-26353 [HIGH] CWE-772 GHSA-xrwp-4qvv-59wr: A flaw was found in the virtio-net device of QEMU
A flaw was found in the virtio-net device of QEMU. This flaw was inadvertently introduced with the fix for CVE-2021-3748, which forgot to unmap the cached virtqueue elements on error, leading to memory leakage and other unexpected results. Affected QEMU version: 6.2.0.
OSV
CVE-2022-26353: A flaw was found in the virtio-net device of QEMU
osv·2022-03-16·CVSS 7.5
CVE-2022-26353 [HIGH] CVE-2022-26353: A flaw was found in the virtio-net device of QEMU
A flaw was found in the virtio-net device of QEMU. This flaw was inadvertently introduced with the fix for CVE-2021-3748, which forgot to unmap the cached virtqueue elements on error, leading to memory leakage and other unexpected results. Affected QEMU version: 6.2.0.
OSV
qemu vulnerabilities
osv·2022-02-28·CVSS 6.5
CVE-2021-20196 [MEDIUM] qemu vulnerabilities
Gaoning Pan discovered that QEMU incorrectly handled the floppy disk
emulator. An attacker inside the guest could use this issue to cause QEMU
to crash, resulting in a denial of service. (CVE-2021-20196)
Gaoning Pan discovered that the QEMU vmxnet3 NIC emulator incorrectly
handled certain values. An attacker inside the guest could use this issue
to cause QEMU to crash, resulting in a denial of service. (CVE-2021-20203)
It was discovered that the QEMU vhost-user GPU device contained several
security issues. An attacker inside the guest could use these issues to
cause QEMU to crash, resulting in a denial of service, leak sensitive
information, or possibly execute arbitrary code. This issue only affected
Ubuntu 21.10. (CVE-2021-3544, CVE-2021-3545, CVE-2021-3546)
It w
https://bugzilla.redhat.com/show_bug.cgi?id=1998514
https://github.com/qemu/qemu/commit/bedd7e93d01961fcb16a97ae45d93acf357e11f6
https://lists.debian.org/debian-lts-announce/2022/04/msg00002.html
https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html
https://lists.nongnu.org/archive/html/qemu-devel/2021-09/msg00388.html
https://security.gentoo.org/glsa/202208-27
https://security.netapp.com/advisory/ntap-20220425-0004/
https://ubuntu.com/security/CVE-2021-3748