Vulnerability Name:

CVE-2021-3527 (CCN-201297)

Assigned:2021-05-05
Published:2021-05-05
Updated:2022-09-30
Summary:A flaw was found in the USB redirector device (usb-redir) of QEMU. Small USB packets are combined into a single, large transfer request, to reduce the overhead and improve performance. The combined size of the bulk transfer is used to dynamically allocate a variable length array (VLA) on the stack without proper validation. Since the total size is not bounded, a malicious guest could use this flaw to influence the array length and cause the QEMU process to perform an excessive allocation on the stack, resulting in a denial of service.
CVSS v3 Severity:5.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
4.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): High
6.2 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.4 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): High
CVSS v2 Severity:2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
4.9 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Complete
Vulnerability Type:CWE-770
CWE-770
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2021-3527

Source: MISC
Type: Issue Tracking, Patch, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1955695

Source: XF
Type: UNKNOWN
qemu-cve20213527-dos(201297)

Source: MISC
Type: Patch, Third Party Advisory
https://gitlab.com/qemu-project/qemu/-/commit/05a40b172e4d691371534828078be47e7fff524c

Source: MISC
Type: Patch, Third Party Advisory
https://gitlab.com/qemu-project/qemu/-/commit/7ec54f9eb62b5d177e30eb8b1cad795a5f8d8986

Source: MLIST
Type: Mailing List, Third Party Advisory
[debian-lts-announce] 20210902 [SECURITY] [DLA 2753-1] qemu security update

Source: MLIST
Type: Mailing List, Third Party Advisory
[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update

Source: CCN
Type: oss-sec Mailing List, Wed, 5 May 2021 19:09:40 +0200
CVE-2021-3527 QEMU: usb: unbounded stack allocation in usbredir

Source: GENTOO
Type: Third Party Advisory
GLSA-202208-27

Source: CONFIRM
Type: Third Party Advisory
https://security.netapp.com/advisory/ntap-20210708-0008/

Source: MISC
Type: Mailing List, Patch, Third Party Advisory
https://www.openwall.com/lists/oss-security/2021/05/05/5

Source: CCN
Type: QEMU Web site
QEMU

Vulnerable Configuration:Configuration 1:
  • cpe:/a:qemu:qemu:*:*:*:*:*:*:*:* (Version <= 6.0.0)

    • Configuration 2:
  • cpe:/o:redhat:enterprise_linux:8.0:*:*:*:advanced_virtualization:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:8.0:*:*:*:-:*:*:*

    • Configuration 3:
  • cpe:/o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:10.0:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:qemu:qemu:-:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:8048
    P
    		osc-0.182.0-150100.3.32.1 on GA media (Moderate)
    2023-06-20
    oval:org.opensuse.security:def:7981
    P
    		vorbis-tools-1.4.0-1.53 on GA media (Moderate)
    2023-06-12
    oval:org.opensuse.security:def:7791
    P
    		qemu-tools-7.1.0-150500.47.15 on GA media (Moderate)
    2023-06-12
    oval:org.opensuse.security:def:51978
    P
    		Security update for vim (Important)
    2022-12-28
    oval:org.opensuse.security:def:764
    P
    		Security update for the Linux Kernel (Important)
    2022-09-16
    oval:org.opensuse.security:def:6137
    P
    		Security update for cifs-utils (Moderate)
    2022-08-12
    oval:org.opensuse.security:def:3665
    P
    		Security update for harfbuzz (Important)
    2022-08-04
    oval:org.opensuse.security:def:95428
    P
    		Security update for MozillaThunderbird (Important) (in QA)
    2022-08-01
    oval:org.opensuse.security:def:95355
    P
    		Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP4) (Important)
    2022-07-21
    oval:org.opensuse.security:def:93144
    P
    		 (Important)
    2022-07-06
    oval:org.opensuse.security:def:3468
    P
    		cyrus-sasl-2.1.26-8.7.1 on GA media (Moderate)
    2022-06-28
    oval:org.opensuse.security:def:3187
    P
    		libidn-tools-1.28-5.6.1 on GA media (Moderate)
    2022-06-28
    oval:org.opensuse.security:def:3518
    P
    		guile-2.0.9-9.3.1 on GA media (Moderate)
    2022-06-28
    oval:org.opensuse.security:def:94580
    P
    		hplip-devel-3.21.10-150400.1.9 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:94817
    P
    		qemu-tools-6.2.0-150400.35.10 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:95148
    P
    		qemu-6.2.0-150400.35.10 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:351
    P
    		qemu-6.2.0-150400.35.10 on GA media (Moderate)
    2022-06-10
    oval:org.opensuse.security:def:93297
    P
    		 (Important)
    2022-05-17
    oval:org.opensuse.security:def:102141
    P
    		Security update for python2-numpy (Moderate)
    2022-03-31
    oval:org.opensuse.security:def:99757
    P
    		 (Important)
    2022-03-07
    oval:org.opensuse.security:def:100068
    P
    		 (Important)
    2022-01-25
    oval:org.opensuse.security:def:113318
    P
    		qemu-6.1.0-32.1 on GA media (Moderate)
    2022-01-17
    oval:org.opensuse.security:def:6155
    P
    		Security update for libvirt (Important)
    2022-01-05
    oval:org.opensuse.security:def:99164
    P
    		 (Moderate)
    2021-12-03
    oval:org.opensuse.security:def:46316
    P
    		Security update for xen (Moderate)
    2021-12-01
    oval:org.opensuse.security:def:41886
    P
    		Security update for xen (Moderate)
    2021-12-01
    oval:org.opensuse.security:def:127187
    P
    		Security update for qemu (Important)
    2021-11-09
    oval:org.opensuse.security:def:59559
    P
    		Security update for qemu (Important)
    2021-11-09
    oval:org.opensuse.security:def:23990
    P
    		Security update for qemu (Important)
    2021-11-09
    oval:org.opensuse.security:def:89472
    P
    		Security update for qemu (Important)
    2021-11-09
    oval:org.opensuse.security:def:59817
    P
    		Security update for qemu (Important)
    2021-11-09
    oval:org.opensuse.security:def:88213
    P
    		Security update for qemu (Important)
    2021-11-09
    oval:org.opensuse.security:def:125623
    P
    		Security update for qemu (Important)
    2021-11-09
    oval:org.opensuse.security:def:33736
    P
    		Security update for qemu (Important)
    2021-11-09
    oval:org.opensuse.security:def:88530
    P
    		Security update for qemu (Important)
    2021-11-09
    oval:org.opensuse.security:def:126790
    P
    		Security update for qemu (Important)
    2021-11-09
    oval:org.opensuse.security:def:33994
    P
    		Security update for qemu (Important)
    2021-11-09
    oval:org.opensuse.security:def:89214
    P
    		Security update for qemu (Important)
    2021-11-09
    oval:org.opensuse.security:def:108807
    P
    		Security update for qemu (Important)
    2021-11-04
    oval:org.opensuse.security:def:76037
    P
    		Security update for qemu (Important)
    2021-11-04
    oval:org.opensuse.security:def:92807
    P
    		Security update for qemu (Important)
    2021-11-04
    oval:org.opensuse.security:def:105854
    P
    		Security update for qemu (Important)
    2021-11-04
    oval:org.opensuse.security:def:9609
    P
    		Security update for qemu (Important)
    2021-11-04
    oval:org.opensuse.security:def:69948
    P
    		Security update for qemu (Important)
    2021-11-04
    oval:org.opensuse.security:def:6217
    P
    		Security update for qemu (Important)
    2021-11-04
    oval:org.opensuse.security:def:99359
    P
    		Security update for qemu (Important)
    2021-11-04
    oval:org.opensuse.security:def:106734
    P
    		Security update for qemu (Important)
    2021-11-04
    oval:org.opensuse.security:def:92214
    P
    		Security update for qemu (Important)
    2021-11-04
    oval:org.opensuse.security:def:111773
    P
    		Security update for qemu (Important)
    2021-11-04
    oval:org.opensuse.security:def:8858
    P
    		Security update for qemu (Important)
    2021-11-04
    oval:org.opensuse.security:def:5880
    P
    		Security update for qemu (Important)
    2021-11-04
    oval:org.opensuse.security:def:92991
    P
    		Security update for qemu (Important)
    2021-11-04
    oval:org.opensuse.security:def:106049
    P
    		Security update for qemu (Important)
    2021-11-04
    oval:org.opensuse.security:def:9808
    P
    		Security update for qemu (Important)
    2021-11-04
    oval:org.opensuse.security:def:70310
    P
    		Security update for qemu (Important)
    2021-11-04
    oval:org.opensuse.security:def:99558
    P
    		Security update for qemu (Important)
    2021-11-04
    oval:org.opensuse.security:def:92409
    P
    		Security update for qemu (Important)
    2021-11-04
    oval:org.opensuse.security:def:9053
    P
    		Security update for qemu (Important)
    2021-11-04
    oval:org.opensuse.security:def:69556
    P
    		Security update for qemu (Important)
    2021-11-04
    oval:org.opensuse.security:def:98969
    P
    		Security update for qemu (Important)
    2021-11-04
    oval:org.opensuse.security:def:106248
    P
    		Security update for qemu (Important)
    2021-11-04
    oval:org.opensuse.security:def:10170
    P
    		Security update for qemu (Important)
    2021-11-04
    oval:org.opensuse.security:def:70499
    P
    		Security update for qemu (Important)
    2021-11-04
    oval:org.opensuse.security:def:67306
    P
    		Security update for qemu (Important)
    2021-11-04
    oval:org.opensuse.security:def:92608
    P
    		Security update for qemu (Important)
    2021-11-04
    oval:org.opensuse.security:def:105659
    P
    		Security update for qemu (Important)
    2021-11-04
    oval:org.opensuse.security:def:9416
    P
    		Security update for qemu (Important)
    2021-11-04
    oval:org.opensuse.security:def:69749
    P
    		Security update for qemu (Important)
    2021-11-04
    oval:org.opensuse.security:def:66969
    P
    		Security update for qemu (Important)
    2021-11-04
    oval:org.opensuse.security:def:76374
    P
    		Security update for qemu (Important)
    2021-11-04
    oval:org.opensuse.security:def:106447
    P
    		Security update for qemu (Important)
    2021-11-04
    oval:org.opensuse.security:def:10359
    P
    		Security update for qemu (Important)
    2021-11-04
    oval:org.opensuse.security:def:92019
    P
    		Security update for qemu (Important)
    2021-11-04
    oval:org.opensuse.security:def:8669
    P
    		Security update for qemu (Important)
    2021-11-04
    oval:org.opensuse.security:def:30260
    P
    		Security update for qemu (Important)
    2021-10-28
    oval:org.opensuse.security:def:55261
    P
    		Security update for qemu (Important)
    2021-10-28
    oval:org.opensuse.security:def:55963
    P
    		Security update for qemu (Important)
    2021-10-28
    oval:org.opensuse.security:def:82645
    P
    		Security update for qemu (Important)
    2021-10-28
    oval:org.opensuse.security:def:29438
    P
    		Security update for qemu (Important)
    2021-10-28
    oval:org.opensuse.security:def:56083
    P
    		Security update for qemu (Important)
    2021-10-28
    oval:org.opensuse.security:def:83347
    P
    		Security update for qemu (Important)
    2021-10-28
    oval:org.opensuse.security:def:30140
    P
    		Security update for qemu (Important)
    2021-10-28
    oval:org.opensuse.security:def:83467
    P
    		Security update for qemu (Important)
    2021-10-28
    oval:org.opensuse.security:def:102068
    P
    		Security update for apache2 (Important)
    2021-10-26
    oval:org.opensuse.security:def:106728
    P
    		qemu-6.1.0-32.1 on GA media (Moderate)
    2021-10-01
    oval:org.opensuse.security:def:87465
    P
    		Security update for qemu (Moderate)
    2021-09-09
    oval:org.opensuse.security:def:33001
    P
    		Security update for qemu (Moderate)
    2021-09-09
    oval:org.opensuse.security:def:58824
    P
    		Security update for qemu (Moderate)
    2021-09-09
    oval:org.opensuse.security:def:1625
    P
    		Security update for qemu (Moderate)
    2021-08-27
    oval:org.opensuse.security:def:69137
    P
    		Security update for qemu (Moderate)
    2021-08-27
    oval:org.opensuse.security:def:64754
    P
    		Security update for qemu (Moderate)
    2021-08-27
    oval:org.opensuse.security:def:101495
    P
    		Security update for qemu (Moderate)
    2021-08-27
    oval:org.opensuse.security:def:67244
    P
    		Security update for qemu (Moderate)
    2021-08-27
    oval:org.opensuse.security:def:73876
    P
    		Security update for qemu (Moderate)
    2021-08-27
    oval:org.opensuse.security:def:76312
    P
    		Security update for qemu (Moderate)
    2021-08-27
    oval:org.opensuse.security:def:102201
    P
    		Security update for qemu (Moderate)
    2021-08-27
    oval:org.opensuse.security:def:111691
    P
    		Security update for qemu (Moderate)
    2021-08-27
    oval:org.opensuse.security:def:111033
    P
    		Security update for qemu (Important)
    2021-08-26
    oval:org.opensuse.security:def:34514
    P
    		Security update for qemu (Moderate)
    2021-08-23
    oval:org.opensuse.security:def:60337
    P
    		Security update for qemu (Moderate)
    2021-08-23
    oval:org.opensuse.security:def:96062
    P
    		Security update for qemu (Moderate)
    2021-08-20
    oval:org.opensuse.security:def:42111
    P
    		Security update for qemu (Moderate)
    2021-08-20
    oval:org.opensuse.security:def:102752
    P
    		Security update for qemu (Moderate)
    2021-08-20
    oval:org.opensuse.security:def:67226
    P
    		Security update for qemu (Moderate)
    2021-08-20
    oval:org.opensuse.security:def:118514
    P
    		Security update for qemu (Moderate)
    2021-08-20
    oval:org.opensuse.security:def:73679
    P
    		Security update for qemu (Moderate)
    2021-08-20
    oval:org.opensuse.security:def:101293
    P
    		Security update for qemu (Moderate)
    2021-08-20
    oval:org.opensuse.security:def:109418
    P
    		Security update for qemu (Moderate)
    2021-08-20
    oval:org.opensuse.security:def:76294
    P
    		Security update for qemu (Moderate)
    2021-08-20
    oval:org.opensuse.security:def:107959
    P
    		Security update for qemu (Moderate)
    2021-08-20
    oval:org.opensuse.security:def:66896
    P
    		Security update for qemu (Moderate)
    2021-08-20
    oval:org.opensuse.security:def:111672
    P
    		Security update for qemu (Moderate)
    2021-08-20
    oval:org.opensuse.security:def:108734
    P
    		Security update for qemu (Moderate)
    2021-08-20
    oval:org.opensuse.security:def:75964
    P
    		Security update for qemu (Moderate)
    2021-08-20
    oval:org.opensuse.security:def:117473
    P
    		Security update for qemu (Moderate)
    2021-08-20
    oval:org.opensuse.security:def:69070
    P
    		Security update for qemu (Moderate)
    2021-08-20
    oval:org.opensuse.security:def:5807
    P
    		Security update for qemu (Moderate)
    2021-08-20
    oval:org.opensuse.security:def:64557
    P
    		Security update for qemu (Moderate)
    2021-08-20
    oval:org.opensuse.security:def:44854
    P
    		Security update for kvm (Moderate)
    2021-08-19
    oval:org.opensuse.security:def:40424
    P
    		Security update for kvm (Moderate)
    2021-08-19
    BACK
    qemu qemu *
    redhat enterprise linux 8.0
    redhat enterprise linux 8.0
    debian debian linux 9.0
    debian debian linux 10.0
    qemu qemu -