Vulnerability CVE-2021-3713

Vulnerability Name:

CVE-2021-3713 (CCN-208271)

Assigned:

2021-08-17

Published:

2021-08-17

Updated:

2022-10-25

Summary:

An out-of-bounds write flaw was found in the UAS (USB Attached SCSI) device emulation of QEMU in versions prior to 6.2.0-rc0. The device uses the guest supplied stream number unchecked, which can lead to out-of-bounds access to the UASDevice->data3 and UASDevice->status3 fields. A malicious guest user could use this flaw to crash QEMU or potentially achieve code execution with the privileges of the QEMU process on the host.

CVSS v3 Severity:

7.4 High (CVSS v3.1 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
6.4 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Physical Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

6.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L)
5.2 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

4.6 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:S/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-787

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2021-3713

Source: CCN
Type: Red Hat Bugzilla Bug 1994640
(CVE-2021-3713) - CVE-2021-3713 QEMU: out-of-bounds write in UAS (USB Attached SCSI) device emulation

Source: MISC
Type: Issue Tracking, Patch, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1994640

Source: XF
Type: UNKNOWN
qemu-cve20213713-code-exec(208271)

Source: MLIST
Type: Mailing List, Third Party Advisory
[debian-lts-announce] 20210902 [SECURITY] [DLA 2753-1] qemu security update

Source: MLIST
Type: Mailing List, Third Party Advisory
[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update

Source: GENTOO
Type: Third Party Advisory
GLSA-202208-27

Source: CONFIRM
Type: Third Party Advisory
https://security.netapp.com/advisory/ntap-20210923-0006/

Source: DEBIAN
Type: Third Party Advisory
DSA-4980

Source: CCN
Type: QEMU Web site
QEMU

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2021-3713

Vulnerable Configuration:

Configuration 1:

cpe:/a:qemu:qemu:*:*:*:*:*:*:*:* (Version <= 6.1.0)

Configuration 2:

cpe:/o:debian:debian_linux:9.0:*:*:*:*:*:*:*

OR cpe:/o:debian:debian_linux:10.0:*:*:*:*:*:*:*

OR cpe:/o:debian:debian_linux:11.0:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:qemu:qemu:6.2.0:-:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:8065	P	snakeyaml-1.33-150200.3.12.4 on GA media (Moderate)	2023-06-20
oval:org.opensuse.security:def:8000	P	cross-nvptx-gcc7-7.5.0+r278197-4.30.1 on GA media (Moderate)	2023-06-20
oval:org.opensuse.security:def:7791	P	qemu-tools-7.1.0-150500.47.15 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:51978	P	Security update for vim (Important)	2022-12-28
oval:org.opensuse.security:def:803	P	Security update for slurm (Important)	2022-10-06
oval:org.opensuse.security:def:95428	P	Security update for MozillaThunderbird (Important) (in QA)	2022-08-01
oval:org.opensuse.security:def:95427	P	Security update for the Linux Kernel (Important)	2022-07-21
oval:org.opensuse.security:def:3704	P	Security update for ncurses (Moderate) (in QA)	2022-07-18
oval:org.opensuse.security:def:93144	P	(Important)	2022-07-06
oval:org.opensuse.security:def:3187	P	libidn-tools-1.28-5.6.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3518	P	guile-2.0.9-9.3.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3521	P	gzip-1.10-2.12 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:94633	P	libdmx-devel-1.1.3-1.23 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94817	P	qemu-tools-6.2.0-150400.35.10 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:95148	P	qemu-6.2.0-150400.35.10 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:351	P	qemu-6.2.0-150400.35.10 on GA media (Moderate)	2022-06-10
oval:org.opensuse.security:def:93297	P	(Important)	2022-05-17
oval:org.opensuse.security:def:102141	P	Security update for python2-numpy (Moderate)	2022-03-31
oval:org.opensuse.security:def:99757	P	(Important)	2022-03-07
oval:org.opensuse.security:def:100068	P	(Important)	2022-01-25
oval:org.opensuse.security:def:113319	P	qemu-6.1.0-34.1 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:102140	P	Security update for python-pip (Moderate)	2021-12-13
oval:org.opensuse.security:def:99164	P	(Moderate)	2021-12-03
oval:org.opensuse.security:def:58864	P	Security update for qemu (Important)	2021-11-10
oval:org.opensuse.security:def:85763	P	Security update for qemu (Important)	2021-11-10
oval:org.opensuse.security:def:31702	P	Security update for qemu (Important)	2021-11-10
oval:org.opensuse.security:def:57122	P	Security update for qemu (Important)	2021-11-10
oval:org.opensuse.security:def:86166	P	Security update for qemu (Important)	2021-11-10
oval:org.opensuse.security:def:23701	P	Security update for qemu (Important)	2021-11-10
oval:org.opensuse.security:def:32215	P	Security update for qemu (Important)	2021-11-10
oval:org.opensuse.security:def:57525	P	Security update for qemu (Important)	2021-11-10
oval:org.opensuse.security:def:84233	P	Security update for qemu (Important)	2021-11-10
oval:org.opensuse.security:def:86679	P	Security update for qemu (Important)	2021-11-10
oval:org.opensuse.security:def:51689	P	Security update for qemu (Important)	2021-11-10
oval:org.opensuse.security:def:33041	P	Security update for qemu (Important)	2021-11-10
oval:org.opensuse.security:def:58038	P	Security update for qemu (Important)	2021-11-10
oval:org.opensuse.security:def:84691	P	Security update for qemu (Important)	2021-11-10
oval:org.opensuse.security:def:87505	P	Security update for qemu (Important)	2021-11-10
oval:org.opensuse.security:def:31299	P	Security update for qemu (Important)	2021-11-10
oval:org.opensuse.security:def:33736	P	Security update for qemu (Important)	2021-11-09
oval:org.opensuse.security:def:127187	P	Security update for qemu (Important)	2021-11-09
oval:org.opensuse.security:def:88213	P	Security update for qemu (Important)	2021-11-09
oval:org.opensuse.security:def:33994	P	Security update for qemu (Important)	2021-11-09
oval:org.opensuse.security:def:59559	P	Security update for qemu (Important)	2021-11-09
oval:org.opensuse.security:def:88530	P	Security update for qemu (Important)	2021-11-09
oval:org.opensuse.security:def:125623	P	Security update for qemu (Important)	2021-11-09
oval:org.opensuse.security:def:59817	P	Security update for qemu (Important)	2021-11-09
oval:org.opensuse.security:def:23990	P	Security update for qemu (Important)	2021-11-09
oval:org.opensuse.security:def:89214	P	Security update for qemu (Important)	2021-11-09
oval:org.opensuse.security:def:126790	P	Security update for qemu (Important)	2021-11-09
oval:org.opensuse.security:def:89472	P	Security update for qemu (Important)	2021-11-09
oval:org.opensuse.security:def:111127	P	Security update for qemu (Important)	2021-11-08
oval:org.opensuse.security:def:106049	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:10170	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:92019	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:99558	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:92807	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:9416	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:69948	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:98969	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:76374	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:106248	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:10359	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:92214	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:8669	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:76037	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:92991	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:105659	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:9609	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:70310	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:6217	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:106447	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:92409	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:8858	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:69556	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:5880	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:108807	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:105854	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:9808	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:70499	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:67306	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:99359	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:106734	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:92608	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:111773	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:9053	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:69749	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:66969	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:109437	P	Security update for qemu (Important)	2021-11-03
oval:org.opensuse.security:def:76373	P	Security update for qemu (Important)	2021-11-03
oval:org.opensuse.security:def:42235	P	Security update for qemu (Important)	2021-11-03
oval:org.opensuse.security:def:101534	P	Security update for qemu (Important)	2021-11-03
oval:org.opensuse.security:def:69089	P	Security update for qemu (Important)	2021-11-03
oval:org.opensuse.security:def:64610	P	Security update for qemu (Important)	2021-11-03
oval:org.opensuse.security:def:96081	P	Security update for qemu (Important)	2021-11-03
oval:org.opensuse.security:def:118533	P	Security update for qemu (Important)	2021-11-03
oval:org.opensuse.security:def:108012	P	Security update for qemu (Important)	2021-11-03
oval:org.opensuse.security:def:76036	P	Security update for qemu (Important)	2021-11-03
oval:org.opensuse.security:def:6216	P	Security update for qemu (Important)	2021-11-03
oval:org.opensuse.security:def:67304	P	Security update for qemu (Important)	2021-11-03
oval:org.opensuse.security:def:102218	P	Security update for qemu (Important)	2021-11-03
oval:org.opensuse.security:def:111771	P	Security update for qemu (Important)	2021-11-03
oval:org.opensuse.security:def:69154	P	Security update for qemu (Important)	2021-11-03
oval:org.opensuse.security:def:5879	P	Security update for qemu (Important)	2021-11-03
oval:org.opensuse.security:def:64793	P	Security update for qemu (Important)	2021-11-03
oval:org.opensuse.security:def:108806	P	Security update for qemu (Important)	2021-11-03
oval:org.opensuse.security:def:67305	P	Security update for qemu (Important)	2021-11-03
oval:org.opensuse.security:def:73732	P	Security update for qemu (Important)	2021-11-03
oval:org.opensuse.security:def:111772	P	Security update for qemu (Important)	2021-11-03
oval:org.opensuse.security:def:66968	P	Security update for qemu (Important)	2021-11-03
oval:org.opensuse.security:def:76372	P	Security update for qemu (Important)	2021-11-03
oval:org.opensuse.security:def:42138	P	Security update for qemu (Important)	2021-11-03
oval:org.opensuse.security:def:102771	P	Security update for qemu (Important)	2021-11-03
oval:org.opensuse.security:def:117526	P	Security update for qemu (Important)	2021-11-03
oval:org.opensuse.security:def:73915	P	Security update for qemu (Important)	2021-11-03
oval:org.opensuse.security:def:1642	P	Security update for qemu (Important)	2021-11-03
oval:org.opensuse.security:def:101346	P	Security update for qemu (Important)	2021-11-03
oval:org.opensuse.security:def:6215	P	Security update for qemu (Important)	2021-11-03
oval:org.opensuse.security:def:34576	P	Security update for qemu (Important)	2021-10-26
oval:org.opensuse.security:def:60399	P	Security update for qemu (Important)	2021-10-26

BACK