{"api_version":"1","generated_at":"2026-04-23T01:53:28+00:00","cve":"CVE-2021-3748","urls":{"html":"https://cve.report/CVE-2021-3748","api":"https://cve.report/api/cve/CVE-2021-3748.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-3748","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-3748"},"summary":{"title":"CVE-2021-3748","description":"A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non direct access region, due to num_buffers being set after the virtqueue elem has been unmapped. A malicious guest could use this flaw to crash QEMU, resulting in a denial of service condition, or potentially execute code on the host with the privileges of the QEMU process.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2022-03-23 20:15:00","updated_at":"2023-01-03 15:16:00"},"problem_types":["CWE-416"],"metrics":[],"references":[{"url":"https://security.netapp.com/advisory/ntap-20220425-0004/","name":"https://security.netapp.com/advisory/ntap-20220425-0004/","refsource":"CONFIRM","tags":[],"title":"CVE-2021-3748 QEMU Vulnerability in NetApp Products | NetApp Product Security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.nongnu.org/archive/html/qemu-devel/2021-09/msg00388.html","name":"https://lists.nongnu.org/archive/html/qemu-devel/2021-09/msg00388.html","refsource":"MISC","tags":[],"title":"[PATCH] virtio-net: fix use after unmap/free for sg","mime":"text/x-diff","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html","name":"[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 3099-1] qemu security update","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://ubuntu.com/security/CVE-2021-3748","name":"https://ubuntu.com/security/CVE-2021-3748","refsource":"MISC","tags":[],"title":"CVE-2021-3748 | Ubuntu","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1998514","name":"https://bugzilla.redhat.com/show_bug.cgi?id=1998514","refsource":"MISC","tags":[],"title":"1998514 – (CVE-2021-3748) CVE-2021-3748 QEMU: virtio-net: heap use-after-free in virtio_net_receive_rcu","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://security.gentoo.org/glsa/202208-27","name":"GLSA-202208-27","refsource":"GENTOO","tags":[],"title":"QEMU: Multiple Vulnerabilities (GLSA 202208-27) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.debian.org/debian-lts-announce/2022/04/msg00002.html","name":"[debian-lts-announce] 20220404 [SECURITY] [DLA 2970-1] qemu security update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 2970-1] qemu security update","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://github.com/qemu/qemu/commit/bedd7e93d01961fcb16a97ae45d93acf357e11f6","name":"https://github.com/qemu/qemu/commit/bedd7e93d01961fcb16a97ae45d93acf357e11f6","refsource":"MISC","tags":[],"title":"virtio-net: fix use after unmap/free for sg · qemu/qemu@bedd7e9 · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-3748","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3748","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"3748","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"18.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"3748","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"20.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"3748","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"21.10","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"3748","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"10.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"3748","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"3748","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"34","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"3748","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"qemu","cpe5":"qemu","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"3748","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"advanced_virtualization","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"3748","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_advanced_virtualization_eus","cpe6":"8.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2021-3748","qid":"159858","title":"Oracle Enterprise Linux Security Update for virt:ol and virt-devel:ol (ELSA-2022-1759)"},{"cve":"CVE-2021-3748","qid":"159862","title":"Oracle Enterprise Linux Security Update for qemu (ELSA-2022-9432)"},{"cve":"CVE-2021-3748","qid":"159880","title":"Oracle Enterprise Linux Security Update for kvm_utils (ELSA-2022-9460)"},{"cve":"CVE-2021-3748","qid":"159903","title":"Oracle Enterprise Linux Security Update for olcne (ELSA-2022-9492)"},{"cve":"CVE-2021-3748","qid":"159904","title":"Oracle Enterprise Linux Security Update for olcne (ELSA-2022-9493)"},{"cve":"CVE-2021-3748","qid":"159906","title":"Oracle Enterprise Linux Security Update for olcne (ELSA-2022-9491)"},{"cve":"CVE-2021-3748","qid":"159908","title":"Oracle Enterprise Linux Security Update for olcne (ELSA-2022-9494)"},{"cve":"CVE-2021-3748","qid":"178817","title":"Debian Security Update for qemu (DSA 4980-1)"},{"cve":"CVE-2021-3748","qid":"179172","title":"Debian Security Update for qemu (DLA 2970-1)"},{"cve":"CVE-2021-3748","qid":"180995","title":"Debian Security Update for qemu (DLA 3099-1)"},{"cve":"CVE-2021-3748","qid":"182990","title":"Debian Security Update for qemu (CVE-2021-3748)"},{"cve":"CVE-2021-3748","qid":"198683","title":"Ubuntu Security Notification for QEMU Vulnerabilities (USN-5307-1)"},{"cve":"CVE-2021-3748","qid":"240292","title":"Red Hat Update for virt:rhel and virt-devel:rhel security (RHSA-2022:1759)"},{"cve":"CVE-2021-3748","qid":"671198","title":"EulerOS Security Update for qemu (EulerOS-SA-2022-1034)"},{"cve":"CVE-2021-3748","qid":"671203","title":"EulerOS Security Update for qemu (EulerOS-SA-2022-1014)"},{"cve":"CVE-2021-3748","qid":"710604","title":"Gentoo Linux QEMU Multiple Vulnerabilities (GLSA 202208-27)"},{"cve":"CVE-2021-3748","qid":"751276","title":"SUSE Enterprise Linux Security Update for qemu (SUSE-SU-2021:3519-1)"},{"cve":"CVE-2021-3748","qid":"751322","title":"SUSE Enterprise Linux Security Update for qemu (SUSE-SU-2021:3614-1)"},{"cve":"CVE-2021-3748","qid":"751323","title":"SUSE Enterprise Linux Security Update for qemu (SUSE-SU-2021:3613-1)"},{"cve":"CVE-2021-3748","qid":"751330","title":"OpenSUSE Security Update for qemu (openSUSE-SU-2021:3614-1)"},{"cve":"CVE-2021-3748","qid":"751332","title":"OpenSUSE Security Update for qemu (openSUSE-SU-2021:3605-1)"},{"cve":"CVE-2021-3748","qid":"751334","title":"OpenSUSE Security Update for qemu (openSUSE-SU-2021:3604-1)"},{"cve":"CVE-2021-3748","qid":"751337","title":"OpenSUSE Security Update for qemu (openSUSE-SU-2021:1461-1)"},{"cve":"CVE-2021-3748","qid":"751338","title":"SUSE Enterprise Linux Security Update for qemu (SUSE-SU-2021:3635-1)"},{"cve":"CVE-2021-3748","qid":"751362","title":"SUSE Enterprise Linux Security Update for qemu (SUSE-SU-2021:3653-1)"},{"cve":"CVE-2021-3748","qid":"900773","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for qemu-kvm (9111)"},{"cve":"CVE-2021-3748","qid":"901656","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for qemu (9121)"},{"cve":"CVE-2021-3748","qid":"902027","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for qemu-kvm (9111-1)"},{"cve":"CVE-2021-3748","qid":"902087","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for qemu (9121-1)"},{"cve":"CVE-2021-3748","qid":"940525","title":"AlmaLinux Security Update for virt:rhel and virt-devel:rhel (ALSA-2022:1759)"},{"cve":"CVE-2021-3748","qid":"960314","title":"Rocky Linux Security Update for virt:rhel and virt-devel:rhel (RLSA-2022:1759)"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2021-3748","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"QEMU (virtio-net)","version":{"version_data":[{"version_value":"Affects qemu v0.10.0 and above, Fixed In – v6.2.0-rc0 and above."}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-416 - Use After Free"}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"https://bugzilla.redhat.com/show_bug.cgi?id=1998514","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1998514"},{"refsource":"MISC","name":"https://ubuntu.com/security/CVE-2021-3748","url":"https://ubuntu.com/security/CVE-2021-3748"},{"refsource":"MISC","name":"https://github.com/qemu/qemu/commit/bedd7e93d01961fcb16a97ae45d93acf357e11f6","url":"https://github.com/qemu/qemu/commit/bedd7e93d01961fcb16a97ae45d93acf357e11f6"},{"refsource":"MISC","name":"https://lists.nongnu.org/archive/html/qemu-devel/2021-09/msg00388.html","url":"https://lists.nongnu.org/archive/html/qemu-devel/2021-09/msg00388.html"},{"refsource":"MLIST","name":"[debian-lts-announce] 20220404 [SECURITY] [DLA 2970-1] qemu security update","url":"https://lists.debian.org/debian-lts-announce/2022/04/msg00002.html"},{"refsource":"CONFIRM","name":"https://security.netapp.com/advisory/ntap-20220425-0004/","url":"https://security.netapp.com/advisory/ntap-20220425-0004/"},{"refsource":"GENTOO","name":"GLSA-202208-27","url":"https://security.gentoo.org/glsa/202208-27"},{"refsource":"MLIST","name":"[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update","url":"https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"}]},"description":{"description_data":[{"lang":"eng","value":"A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non direct access region, due to num_buffers being set after the virtqueue elem has been unmapped. A malicious guest could use this flaw to crash QEMU, resulting in a denial of service condition, or potentially execute code on the host with the privileges of the QEMU process."}]}},"nvd":{"publishedDate":"2022-03-23 20:15:00","lastModifiedDate":"2023-01-03 15:16:00","problem_types":["CWE-416"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH"},"exploitabilityScore":0.8,"impactScore":6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:M/Au:N/C:C/I:C/A:C","accessVector":"LOCAL","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE","baseScore":6.9},"severity":"MEDIUM","exploitabilityScore":3.4,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*","versionStartIncluding":"0.10.0","versionEndExcluding":"6.2.0","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:canonical:ubuntu_linux:21.10:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:advanced_virtualization:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux_advanced_virtualization_eus:8.4:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"3748","Ordinal":"216040","Title":"CVE-2021-3748","CVE":"CVE-2021-3748","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"3748","Ordinal":"1","NoteData":"** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.","Type":"Description","Title":null}]}}}