Vulnerability Details : CVE-2021-3750
Potential exploit
A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify if the Buffer Pointer overlaps with its MMIO region when it transfers the USB packets. Crafted content may be written to the controller's registers and trigger undesirable actions (such as reset) while the device is still transferring packets. This can ultimately lead to a use-after-free issue. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition, or potentially execute arbitrary code within the context of the QEMU process on the host. This flaw affects QEMU versions before 7.0.0.
Vulnerability category: Memory CorruptionExecute codeDenial of service
Products affected by CVE-2021-3750
- cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:advanced_virtualization:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:-:*:*:*
- cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-3750
0.13%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 48 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-3750
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.6
|
MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P |
3.9
|
6.4
|
NIST | |
8.2
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H |
1.5
|
6.0
|
NIST |
CWE ids for CVE-2021-3750
-
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.Assigned by:
- nvd@nist.gov (Secondary)
- secalert@redhat.com (Primary)
References for CVE-2021-3750
-
https://bugzilla.redhat.com/show_bug.cgi?id=1999073
1999073 – (CVE-2021-3750) CVE-2021-3750 QEMU: hcd-ehci: DMA reentrancy issue leads to use-after-freeIssue Tracking;Third Party Advisory
-
https://gitlab.com/qemu-project/qemu/-/issues/541
Heap-use-after-free through ehci_flush_qh (#541) · Issues · QEMU / QEMU · GitLabExploit;Third Party Advisory
-
https://security.netapp.com/advisory/ntap-20220624-0003/
CVE-2021-3750 QEMU Vulnerability in NetApp Products | NetApp Product SecurityThird Party Advisory
-
https://gitlab.com/qemu-project/qemu/-/issues/556
Fix DMA MMIO reentrancy issues (#556) · Issues · QEMU / QEMU · GitLabThird Party Advisory
-
https://security.gentoo.org/glsa/202208-27
QEMU: Multiple Vulnerabilities (GLSA 202208-27) — Gentoo securityThird Party Advisory
Jump to