Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2021-3748

Опубликовано: 23 мар. 2022
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 6.9
CVSS3: 7.5

Описание

A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non direct access region, due to num_buffers being set after the virtqueue elem has been unmapped. A malicious guest could use this flaw to crash QEMU, resulting in a denial of service condition, or potentially execute code on the host with the privileges of the QEMU process.

РелизСтатусПримечание
bionic

released

1:2.11+dfsg-1ubuntu7.39
devel

released

1:6.2+dfsg-2ubuntu5
esm-infra-legacy/trusty

not-affected

code not present
esm-infra/bionic

released

1:2.11+dfsg-1ubuntu7.39
esm-infra/focal

released

1:4.2-3ubuntu6.21
esm-infra/xenial

not-affected

code not present
focal

released

1:4.2-3ubuntu6.21
hirsute

ignored

end of life
impish

released

1:6.0+dfsg-2expubuntu1.2
jammy

released

1:6.2+dfsg-2ubuntu5

Показывать по

Ссылки на источники

EPSS

Процентиль: 7%
0.00028
Низкий

6.9 Medium

CVSS2

7.5 High

CVSS3

Связанные уязвимости

redhat логотип

CVE-2021-3748

CVSS3: 7.5
redhat
около 4 лет назад

A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non direct access region, due to num_buffers being set after the virtqueue elem has been unmapped. A malicious guest could use this flaw to crash QEMU, resulting in a denial of service condition, or potentially execute code on the host with the privileges of the QEMU process.

nvd логотип

CVE-2021-3748

CVSS3: 7.5
nvd
больше 3 лет назад

A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non direct access region, due to num_buffers being set after the virtqueue elem has been unmapped. A malicious guest could use this flaw to crash QEMU, resulting in a denial of service condition, or potentially execute code on the host with the privileges of the QEMU process.

msrc логотип

CVE-2021-3748

CVSS3: 7.5
msrc
больше 2 лет назад

Описание отсутствует

debian логотип

CVE-2021-3748

CVSS3: 7.5
debian
больше 3 лет назад

A use-after-free vulnerability was found in the virtio-net device of Q ...

github логотип

GHSA-4f87-mww8-gm8x

CVSS3: 8.8
github
больше 3 лет назад

A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non direct access region, due to num_buffers being set after the virtqueue elem has been unmapped. A malicious guest could use this flaw to crash QEMU, resulting in a denial of service condition, or potentially execute code on the host with the privileges of the QEMU process.

EPSS

Процентиль: 7%
0.00028
Низкий

6.9 Medium

CVSS2

7.5 High

CVSS3