CVE-2021-3713
CVE-2021-3713
Vexday Risk Score
3Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS —EPSS 0.6%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado
Ciclo de vida
25 ago 2021Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
An out-of-bounds write flaw was found in the UAS (USB Attached SCSI) device emulation of QEMU in versions prior to 6.2.0-rc0. The device uses the guest supplied stream number unchecked, which can lead to out-of-bounds access to the UASDevice->data3 and UASDevice->status3 fields. A malicious guest user could use this flaw to crash QEMU or potentially achieve code execution with the privileges of the QEMU process on the host.
Productos afectados
n/a · QEMUReferencias
https://bugzilla.redhat.com/show_bug.cgi?id=1994640https://lists.debian.org/debian-lts-announce/2021/09/msg00000.htmlhttps://lists.debian.org/debian-lts-announce/2022/09/msg00008.htmlhttps://security.gentoo.org/glsa/202208-27https://security.netapp.com/advisory/ntap-20210923-0006/https://www.debian.org/security/2021/dsa-4980