CVE-2021-3750 — Use After Free in Qemu
Severity
8.2HIGHNVD
OSV8.5
EPSS
0.0%
top 91.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMay 2
Latest updateSep 13
Description
A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify if the Buffer Pointer overlaps with its MMIO region when it transfers the USB packets. Crafted content may be written to the controller's registers and trigger undesirable actions (such as reset) while the device is still transferring packets. This can ultimately lead to a use-after-free issue. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of se…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:HExploitability: 1.5 | Impact: 6.0
🔴Vulnerability Details
9📋Vendor Advisories
9Debian▶
CVE-2023-2680: qemu - This CVE exists because of an incomplete fix for CVE-2021-3750. More specificall...↗2023
Microsoft▶
A DMA reentrancy issue was found in the NVM Express Controller (NVME) emulation in QEMU. This CVE is similar to CVE-2021-3750 and just like it when the reentrancy write triggers the reset function nvm↗2022-08-09
Microsoft▶
A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify if the Buffer Pointer overlaps with its MMIO region when it transfers the USB packets. Crafted conte↗2022-05-10