Vulnerability CVE-2021-3748

Vulnerability Name:

CVE-2021-3748 (CCN-212945)

Assigned:

2021-08-26

Published:

2021-08-26

Updated:

2023-01-03

Summary:

A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non direct access region, due to num_buffers being set after the virtqueue elem has been unmapped. A malicious guest could use this flaw to crash QEMU, resulting in a denial of service condition, or potentially execute code on the host with the privileges of the QEMU process.

CVSS v3 Severity:

7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)
6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): High Privileges Required (PR): High User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)
6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): High Privileges Required (PR): High User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

7.5 High (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)
6.5 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): High Privileges Required (PR): High User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

6.9 Medium (CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

6.0 Medium (CCN CVSS v2 Vector: AV:L/AC:H/Au:S/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): High Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

CWE-416

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2021-3748

Source: CCN
Type: The Linux Kernel Archives Web site
The Linux Kernel Archives

Source: CCN
Type: Red Hat Bugzilla Bug 1998514
(CVE-2021-3748) - CVE-2021-3748 QEMU: virtio-net: heap use-after-free in virtio_net_receive_rcu

Source: secalert@redhat.com
Type: Issue Tracking, Patch, Third Party Advisory
secalert@redhat.com

Source: XF
Type: UNKNOWN
linux-kernel-cve20213748-code-exec(212945)

Source: secalert@redhat.com
Type: Patch, Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Mailing List, Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Mailing List, Third Party Advisory
secalert@redhat.com

Source: CCN
Type: qemu-devel Web site
virtio-net: fix use after unmap/free for sg

Source: secalert@redhat.com
Type: Mailing List, Patch, Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Patch, Third Party Advisory
secalert@redhat.com

Vulnerable Configuration:

Configuration RedHat 1:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration RedHat 3:

cpe:/a:redhat:enterprise_linux:8::crb:*:*:*:*:*

Configuration CCN 1:

cpe:/o:linux:linux_kernel:-:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:8065	P	snakeyaml-1.33-150200.3.12.4 on GA media (Moderate)	2023-06-20
oval:org.opensuse.security:def:8000	P	cross-nvptx-gcc7-7.5.0+r278197-4.30.1 on GA media (Moderate)	2023-06-20
oval:org.opensuse.security:def:7791	P	qemu-tools-7.1.0-150500.47.15 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:51978	P	Security update for vim (Important)	2022-12-28
oval:org.opensuse.security:def:803	P	Security update for slurm (Important)	2022-10-06
oval:org.opensuse.security:def:95428	P	Security update for MozillaThunderbird (Important) (in QA)	2022-08-01
oval:org.opensuse.security:def:95427	P	Security update for the Linux Kernel (Important)	2022-07-21
oval:org.opensuse.security:def:3704	P	Security update for ncurses (Moderate) (in QA)	2022-07-18
oval:org.opensuse.security:def:93144	P	(Important)	2022-07-06
oval:org.opensuse.security:def:3187	P	libidn-tools-1.28-5.6.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3518	P	guile-2.0.9-9.3.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3521	P	gzip-1.10-2.12 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:94633	P	libdmx-devel-1.1.3-1.23 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94817	P	qemu-tools-6.2.0-150400.35.10 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:95148	P	qemu-6.2.0-150400.35.10 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:351	P	qemu-6.2.0-150400.35.10 on GA media (Moderate)	2022-06-10
oval:org.opensuse.security:def:93297	P	(Important)	2022-05-17
oval:com.redhat.rhsa:def:20221759	P	RHSA-2022:1759: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Moderate)	2022-05-10
oval:org.opensuse.security:def:102141	P	Security update for python2-numpy (Moderate)	2022-03-31
oval:org.opensuse.security:def:99757	P	(Important)	2022-03-07
oval:org.opensuse.security:def:100068	P	(Important)	2022-01-25
oval:org.opensuse.security:def:113319	P	qemu-6.1.0-34.1 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:102140	P	Security update for python-pip (Moderate)	2021-12-13
oval:org.opensuse.security:def:99164	P	(Moderate)	2021-12-03
oval:org.opensuse.security:def:58864	P	Security update for qemu (Important)	2021-11-10
oval:org.opensuse.security:def:85763	P	Security update for qemu (Important)	2021-11-10
oval:org.opensuse.security:def:31702	P	Security update for qemu (Important)	2021-11-10
oval:org.opensuse.security:def:57122	P	Security update for qemu (Important)	2021-11-10
oval:org.opensuse.security:def:86166	P	Security update for qemu (Important)	2021-11-10
oval:org.opensuse.security:def:23701	P	Security update for qemu (Important)	2021-11-10
oval:org.opensuse.security:def:32215	P	Security update for qemu (Important)	2021-11-10
oval:org.opensuse.security:def:57525	P	Security update for qemu (Important)	2021-11-10
oval:org.opensuse.security:def:84233	P	Security update for qemu (Important)	2021-11-10
oval:org.opensuse.security:def:86679	P	Security update for qemu (Important)	2021-11-10
oval:org.opensuse.security:def:51689	P	Security update for qemu (Important)	2021-11-10
oval:org.opensuse.security:def:33041	P	Security update for qemu (Important)	2021-11-10
oval:org.opensuse.security:def:58038	P	Security update for qemu (Important)	2021-11-10
oval:org.opensuse.security:def:84691	P	Security update for qemu (Important)	2021-11-10
oval:org.opensuse.security:def:87505	P	Security update for qemu (Important)	2021-11-10
oval:org.opensuse.security:def:31299	P	Security update for qemu (Important)	2021-11-10
oval:org.opensuse.security:def:33736	P	Security update for qemu (Important)	2021-11-09
oval:org.opensuse.security:def:126790	P	Security update for qemu (Important)	2021-11-09
oval:org.opensuse.security:def:88213	P	Security update for qemu (Important)	2021-11-09
oval:org.opensuse.security:def:33994	P	Security update for qemu (Important)	2021-11-09
oval:org.opensuse.security:def:59559	P	Security update for qemu (Important)	2021-11-09
oval:org.opensuse.security:def:127187	P	Security update for qemu (Important)	2021-11-09
oval:org.opensuse.security:def:88530	P	Security update for qemu (Important)	2021-11-09
oval:org.opensuse.security:def:59817	P	Security update for qemu (Important)	2021-11-09
oval:org.opensuse.security:def:23990	P	Security update for qemu (Important)	2021-11-09
oval:org.opensuse.security:def:89214	P	Security update for qemu (Important)	2021-11-09
oval:org.opensuse.security:def:125623	P	Security update for qemu (Important)	2021-11-09
oval:org.opensuse.security:def:89472	P	Security update for qemu (Important)	2021-11-09
oval:org.opensuse.security:def:111127	P	Security update for qemu (Important)	2021-11-08
oval:org.opensuse.security:def:106049	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:10170	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:92019	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:99558	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:92807	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:9416	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:69948	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:98969	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:76374	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:106248	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:10359	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:92214	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:8669	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:76037	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:92991	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:105659	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:9609	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:70310	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:6217	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:106447	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:92409	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:8858	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:69556	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:5880	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:108807	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:105854	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:9808	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:70499	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:67306	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:99359	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:106734	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:92608	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:111773	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:9053	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:69749	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:66969	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:109437	P	Security update for qemu (Important)	2021-11-03
oval:org.opensuse.security:def:76373	P	Security update for qemu (Important)	2021-11-03
oval:org.opensuse.security:def:42138	P	Security update for qemu (Important)	2021-11-03
oval:org.opensuse.security:def:101534	P	Security update for qemu (Important)	2021-11-03
oval:org.opensuse.security:def:69089	P	Security update for qemu (Important)	2021-11-03
oval:org.opensuse.security:def:64610	P	Security update for qemu (Important)	2021-11-03
oval:org.opensuse.security:def:96081	P	Security update for qemu (Important)	2021-11-03
oval:org.opensuse.security:def:117526	P	Security update for qemu (Important)	2021-11-03
oval:org.opensuse.security:def:108012	P	Security update for qemu (Important)	2021-11-03
oval:org.opensuse.security:def:76036	P	Security update for qemu (Important)	2021-11-03
oval:org.opensuse.security:def:1642	P	Security update for qemu (Important)	2021-11-03
oval:org.opensuse.security:def:6216	P	Security update for qemu (Important)	2021-11-03
oval:org.opensuse.security:def:67304	P	Security update for qemu (Important)	2021-11-03
oval:org.opensuse.security:def:42235	P	Security update for qemu (Important)	2021-11-03
oval:org.opensuse.security:def:102218	P	Security update for qemu (Important)	2021-11-03
oval:org.opensuse.security:def:111771	P	Security update for qemu (Important)	2021-11-03
oval:org.opensuse.security:def:69154	P	Security update for qemu (Important)	2021-11-03
oval:org.opensuse.security:def:5879	P	Security update for qemu (Important)	2021-11-03
oval:org.opensuse.security:def:64793	P	Security update for qemu (Important)	2021-11-03
oval:org.opensuse.security:def:118533	P	Security update for qemu (Important)	2021-11-03
oval:org.opensuse.security:def:108806	P	Security update for qemu (Important)	2021-11-03
oval:org.opensuse.security:def:67305	P	Security update for qemu (Important)	2021-11-03
oval:org.opensuse.security:def:73732	P	Security update for qemu (Important)	2021-11-03
oval:org.opensuse.security:def:111772	P	Security update for qemu (Important)	2021-11-03
oval:org.opensuse.security:def:66968	P	Security update for qemu (Important)	2021-11-03
oval:org.opensuse.security:def:76372	P	Security update for qemu (Important)	2021-11-03
oval:org.opensuse.security:def:102771	P	Security update for qemu (Important)	2021-11-03
oval:org.opensuse.security:def:73915	P	Security update for qemu (Important)	2021-11-03
oval:org.opensuse.security:def:101346	P	Security update for qemu (Important)	2021-11-03
oval:org.opensuse.security:def:6215	P	Security update for qemu (Important)	2021-11-03
oval:org.opensuse.security:def:34576	P	Security update for qemu (Important)	2021-10-26
oval:org.opensuse.security:def:60399	P	Security update for qemu (Important)	2021-10-26

BACK