CVE-2021-3682

A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. It occurs when dropping packets during a bulk transfer from a SPICE client due to the packet queue being full. A malicious SPICE client could use this flaw to make QEMU call free() with faked heap chunk metadata, resulting in a crash of QEMU or potential code execution with the privileges of the QEMU process on the host.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*
cpe:2.3:a:qemu:qemu:6.1.0:-:*:*:*:*:*:*
cpe:2.3:a:qemu:qemu:6.1.0:rc1:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:-:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:advanced_virtualization:*:*:*

Information

Published : 2021-08-05 20:15

Updated : 2021-10-18 12:20


NVD link : CVE-2021-3682

Mitre link : CVE-2021-3682


JSON object : View

Products Affected

redhat

  • enterprise_linux

qemu

  • qemu
CWE
CWE-763

Release of Invalid Pointer or Reference