CVE-2021-3527

Published: 26/05/2021 Updated: 30/09/2022
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 187
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

A flaw was found in the USB redirector device (usb-redir) of QEMU. Small USB packets are combined into a single, large transfer request, to reduce the overhead and improve performance. The combined size of the bulk transfer is used to dynamically allocate a variable length array (VLA) on the stack without proper validation. Since the total size is not bounded, a malicious guest could use this flaw to influence the array length and cause the QEMU process to perform an excessive allocation on the stack, resulting in a denial of service.
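The allocation pattern the summary describes, next to a bounded form, as an added example that is not QEMU's code or its fix. The `struct pkt` type, the function names, `submit()` and the `MAX_COMBINED_LEN` cap are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Assumed cap for this example; not a value taken from QEMU or the advisory. */
#define MAX_COMBINED_LEN ((size_t)1 << 20)

struct pkt { const uint8_t *data; size_t len; };   /* hypothetical packet type */

/* A byte sum stands in for "submit the combined transfer". */
static long submit(const uint8_t *buf, size_t len)
{
    long sum = 0;
    for (size_t i = 0; i < len; i++) sum += buf[i];
    return sum;
}

/* Pattern from the summary: the unvalidated total sizes a stack VLA.
 * Kept for contrast; a large total exhausts the stack. */
long combine_vla(const struct pkt *p, size_t n)
{
    size_t total = 0, off = 0;
    for (size_t i = 0; i < n; i++) total += p[i].len;
    uint8_t buf[total ? total : 1];
    for (size_t i = 0; i < n; i++) {
        memcpy(buf + off, p[i].data, p[i].len);
        off += p[i].len;
    }
    return submit(buf, total);
}

/* Bounded form: cap the total (overflow-safe), then allocate on the heap. */
long combine_bounded(const struct pkt *p, size_t n)
{
    size_t total = 0, off = 0;
    for (size_t i = 0; i < n; i++) {
        if (p[i].len > MAX_COMBINED_LEN - total) return -1;  /* reject oversize */
        total += p[i].len;
    }
    uint8_t *buf = malloc(total ? total : 1);
    if (!buf) return -1;                 /* allocation failure is recoverable */
    for (size_t i = 0; i < n; i++) {
        memcpy(buf + off, p[i].data, p[i].len);
        off += p[i].len;
    }
    long sum = submit(buf, total);
    free(buf);
    return sum;
}
```

Writing the check as `len > MAX - total` rather than `total + len > MAX` keeps the comparison correct even when a length is near `SIZE_MAX`.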

Vulnerable Product

qemu qemu

redhat enterprise linux 8.0

debian debian linux 9.0

debian debian linux 10.0

Vendor Advisories

Debian Bug report logs - #988157: CVE-2021-3527. Package: qemu; Maintainer for qemu is Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>; Source for qemu is src:qemu. Reported by: Moritz Muehlenhoff <jmm@debian.org>. Date: Thu, 6 May 2021 17:57:01 UTC. Severity: important. Tags: security, up ...
A NULL pointer dereference flaw was found in the floppy disk emulator of QEMU. This issue occurs while processing read/write ioport commands if the selected floppy drive is not initialized with a block device. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from th ...
A security issue was found in the USB redirection support (usb-redir) of QEMU. More specifically, usb-host and usb-redirect try to batch bulk transfers by combining many small USB packets into a single, large transfer request, to reduce the overhead and improve performance. The combined size of the bulk sending is used in usbredir_handle_bulk_data( ...

Mailing Lists

On Wed, May 5, 2021 at 7:09 PM Mauro Matteo Cascella <mcascell () redhat com> wrote: Note that the xhci patch was dropped [1] and a new USB patchset has been proposed without it [2]. As discussed upstream, this could leave room for unbound allocation on the heap, although more difficult to exploit by the guest to crash the QEMU process on t ...
Hello, A flaw was found in the USB redirector device (usb-redir) of QEMU. Small USB packets are combined into a single, large transfer request, to reduce the overhead and improve performance. The combined size of the bulk transfer is used to dynamically allocate a variable length array (VLA) on the stack without proper validation. Since the total ...