PT-2021-7328 · Qemu+5 · Qemu+5

Mauro Matteo Cascella

Published

2021-07-19

Updated

2024-06-15

CVE-2021-3682

CVSS v3.1

8.5

High

Vector

AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions QEMU versions prior to 6.1.0-rc2

Description A flaw was found in the USB redirector device emulation of QEMU. It occurs when dropping packets during a bulk transfer from a SPICE client due to the packet queue being full. A malicious SPICE client could use this flaw to make QEMU call free() with faked heap chunk metadata, resulting in a crash of QEMU or potential code execution with the privileges of the QEMU process on the host.

Recommendations For QEMU versions prior to 6.1.0-rc2, update to version 6.1.0-rc2 or later to resolve the issue. As a temporary workaround, consider restricting access to the SPICE client to minimize the risk of exploitation. Avoid using the USB redirector device emulation until the issue is resolved.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-763

Related Identifiers

ALT-PU-2021-2713

ALT-PU-2021-3363

AZL-6830

BDU:2022-05693

CVE-2021-3682

DLA-2753-1

DLA-3099-1

DSA-4980-1

OESA-2021-1316

OPENSUSE-SU-2021:1202-1

OPENSUSE-SU-2021:2789-1

OPENSUSE-SU-2021:2858-1

OPENSUSE-SU-2021:3614-1

OPENSUSE-SU-2021_1202-1

OPENSUSE-SU-2021_2789-1

OPENSUSE-SU-2021_2858-1

OPENSUSE-SU-2021_3614-1

OPENSUSE-SU-2024:11287-1

RHSA-2021:3703

RHSA-2021:3704

SUSE-SU-2021:14848-1

SUSE-SU-2021:2789-1

SUSE-SU-2021:2813-1

SUSE-SU-2021:2858-1

SUSE-SU-2021:3575-1

SUSE-SU-2021:3613-1

SUSE-SU-2021:3614-1

SUSE-SU-2021:3635-1

SUSE-SU-2021_14848-1

USN-5307-1

USN-5772-1

Affected Products

Alt Linux

Astra Linux

Linuxmint

Qemu

Suse

Ubuntu

PT-2021-7328 · Qemu+5 · Qemu+5

CVE-2021-3682

Weakness Enumeration

Related Identifiers

Affected Products

References · 266