CVE-2021-3750

EUVD-2021-27025
A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify if the Buffer Pointer overlaps with its MMIO region when it transfers the USB packets. Crafted content may be written to the controller's registers and trigger undesirable actions (such as reset) while the device is still transferring packets. This can ultimately lead to a use-after-free issue. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition, or potentially execute arbitrary code within the context of the QEMU process on the host. This flaw affects QEMU versions before 7.0.0.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.2 HIGH
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 7%
Affected Products (NVD)
VendorProductVersion
qemuqemu
𝑥
< 7.0.0
redhatenterprise_linux
8.0
redhatenterprise_linux
8.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
qemu
bookworm
1:7.2+dfsg-7+deb12u7
fixed
bullseye
ignored
bullseye (security)
vulnerable
buster
postponed
sid
1:9.1.1+ds-2
fixed
stretch
postponed
trixie
1:9.1.1+ds-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
qemu
bionic
Fixed 1:2.11+dfsg-1ubuntu7.41
released
focal
Fixed 1:4.2-3ubuntu6.24
released
hirsute
ignored
impish
ignored
jammy
Fixed 1:6.2+dfsg-2ubuntu6.6
released
kinetic
Fixed 1:7.0+dfsg-7ubuntu1
released
trusty
not-affected
xenial
not-affected
Common Weakness Enumeration
References
https://bugzilla.redhat.com/show_bug.cgi?id=1999073
https://gitlab.com/qemu-project/qemu/-/issues/541
https://gitlab.com/qemu-project/qemu/-/issues/556
https://security.gentoo.org/glsa/202208-27
https://security.netapp.com/advisory/ntap-20220624-0003/
https://bugzilla.redhat.com/show_bug.cgi?id=1999073
https://gitlab.com/qemu-project/qemu/-/issues/541
https://gitlab.com/qemu-project/qemu/-/issues/556
https://security.gentoo.org/glsa/202208-27
https://security.netapp.com/advisory/ntap-20220624-0003/