Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2021-3682

Published: 5 August 2021

A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. It occurs when dropping packets during a bulk transfer from a SPICE client due to the packet queue being full. A malicious SPICE client could use this flaw to make QEMU call free() with faked heap chunk metadata, resulting in a crash of QEMU or potential code execution with the privileges of the QEMU process on the host.

Priority

Medium

Cvss 3 Severity Score

8.5

Score breakdown

Status

Package Release Status
qemu
Launchpad, Ubuntu, Debian
bionic
Released (1:2.11+dfsg-1ubuntu7.39)
focal
Released (1:4.2-3ubuntu6.21)
hirsute Ignored
(reached end-of-life)
impish
Released (1:6.0+dfsg-2expubuntu1.2)
jammy
Released (1:6.2+dfsg-2ubuntu5)
kinetic
Released (1:6.2+dfsg-2ubuntu5)
trusty
Released (2.0.0+dfsg-2ubuntu1.47+esm2)
upstream Needs triage

xenial
Released (1:2.5+dfsg-5ubuntu10.51+esm1)
Patches:
upstream: https://gitlab.com/qemu-project/qemu/-/commit/5e796671e6b8d5de4b0b423dce1b3eba144a92c9

Severity score breakdown

Parameter Value
Base score 8.5
Attack vector Network
Attack complexity High
Privileges required Low
User interaction None
Scope Changed
Confidentiality High
Integrity impact High
Availability impact High
Vector CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H