CVE-2021-3527

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions QEMU (affected versions not specified)

Description A flaw was found in the USB redirector device of QEMU, where small USB packets are combined into a single, large transfer request to improve performance. The combined size of the bulk transfer is used to dynamically allocate a variable length array on the stack without proper validation, allowing a malicious guest to influence the array length and cause the QEMU process to perform an excessive allocation on the stack, resulting in a denial of service.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Allocation of Resources Without Limits

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-770

Related Identifiers

ALT-PU-2021-2713

ALT-PU-2021-3363

ALT-PU-2024-1248

ALT-PU-2024-6235

ALT-PU-2024-7201

BDU:2022-05840

CVE-2021-3527

DLA-2753-1

DLA-3099-1

OESA-2021-1241

OPENSUSE-SU-2021:1202-1

OPENSUSE-SU-2021:2789-1

OPENSUSE-SU-2021:2858-1

OPENSUSE-SU-2021:3614-1

OPENSUSE-SU-2021_1202-1

OPENSUSE-SU-2021_2789-1

OPENSUSE-SU-2021_2858-1

OPENSUSE-SU-2021_3614-1

OPENSUSE-SU-2024:11287-1

SUSE-SU-2021:14848-1

SUSE-SU-2021:2789-1

SUSE-SU-2021:2813-1

SUSE-SU-2021:2858-1

SUSE-SU-2021:3575-1

SUSE-SU-2021:3613-1

SUSE-SU-2021:3614-1

SUSE-SU-2021:3635-1

SUSE-SU-2021_14848-1

USN-5010-1

USN-8412-1

Affected Products

Alt Linux

Astra Linux

Linuxmint

Qemu

Suse

Ubuntu

CVE-2021-3527

Weakness Enumeration

Related Identifiers

Affected Products

References · 307