CVE-2021-3682

Summary

CVE	CVE-2021-3682
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2021-08-05 20:15:00 UTC
Updated	2023-03-31 18:26:00 UTC
Description	A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. It occurs when dropping packets during a bulk transfer from a SPICE client due to the packet queue being full. A malicious SPICE client could use this flaw to make QEMU call free() with faked heap chunk metadata, resulting in a crash of QEMU or potential code execution with the privileges of the QEMU process on the host.

Risk And Classification

Problem Types: CWE-763

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Debian	Debian Linux	10.0	All	All	All
Operating System	Debian	Debian Linux	11.0	All	All	All
Operating System	Debian	Debian Linux	9.0	All	All	All
Application	Qemu	Qemu	All	All	All	All
Application	Qemu	Qemu	6.1.0	-	All	All
Application	Qemu	Qemu	6.1.0	rc1	All	All
Operating System	Redhat	Enterprise Linux	8.0	All	All	All
Operating System	Redhat	Enterprise Linux	8.0	All	All	All

References

Reference	Source	Link	Tags
Debian -- Security Information -- DSA-4980-1 qemu	DEBIAN	www.debian.org
[SECURITY] [DLA 3099-1] qemu security update	MLIST	lists.debian.org
[SECURITY] [DLA 2753-1] qemu security update	MLIST	lists.debian.org
CVE-2021-3682 QEMU Vulnerability in NetApp Products \| NetApp Product Security	CONFIRM	security.netapp.com
1989651 – (CVE-2021-3682) CVE-2021-3682 QEMU: usbredir: free call on invalid pointer in bufp_alloc()	MISC	bugzilla.redhat.com
QEMU: Multiple Vulnerabilities (GLSA 202208-27) — Gentoo security	GENTOO	security.gentoo.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

159582 Oracle Enterprise Linux Security Update for qemu (ELSA-2021-9638)
159672 Oracle Enterprise Linux Security Update for kvm_utils (ELSA-2022-9172)
178782 Debian Security Update for qemu (DLA 2753-1)
178817 Debian Security Update for qemu (DSA 4980-1)
180995 Debian Security Update for qemu (DLA 3099-1)
183794 Debian Security Update for qemu (CVE-2021-3682)
198683 Ubuntu Security Notification for QEMU Vulnerabilities (USN-5307-1)
199069 Ubuntu Security Notification for QEMU Vulnerabilities (USN-5772-1)
502356 Alpine Linux Security Update for qemu
671198 EulerOS Security Update for qemu (EulerOS-SA-2022-1034)
671203 EulerOS Security Update for qemu (EulerOS-SA-2022-1014)
710604 Gentoo Linux QEMU Multiple Vulnerabilities (GLSA 202208-27)
750995 SUSE Enterprise Linux Security Update for qemu (SUSE-SU-2021:2813-1)
751013 OpenSUSE Security Update for qemu (openSUSE-SU-2021:2789-1)
751053 OpenSUSE Security Update for qemu (openSUSE-SU-2021:1202-1)
751068 OpenSUSE Security Update for qemu (openSUSE-SU-2021:2858-1)
751322 SUSE Enterprise Linux Security Update for qemu (SUSE-SU-2021:3614-1)
751323 SUSE Enterprise Linux Security Update for qemu (SUSE-SU-2021:3613-1)
751330 OpenSUSE Security Update for qemu (openSUSE-SU-2021:3614-1)
751338 SUSE Enterprise Linux Security Update for qemu (SUSE-SU-2021:3635-1)
900293 CBL-Mariner Linux Security Update for qemu-kvm 4.2.0
901920 Common Base Linux Mariner (CBL-Mariner) Security Update for qemu (6830)
902070 Common Base Linux Mariner (CBL-Mariner) Security Update for qemu (6830-1)
902791 Common Base Linux Mariner (CBL-Mariner) Security Update for qemu-kvm (5125)