{"api_version":"1","generated_at":"2026-04-23T05:07:09+00:00","cve":"CVE-2021-3750","urls":{"html":"https://cve.report/CVE-2021-3750","api":"https://cve.report/api/cve/CVE-2021-3750.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-3750","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-3750"},"summary":{"title":"CVE-2021-3750","description":"A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify if the Buffer Pointer overlaps with its MMIO region when it transfers the USB packets. Crafted content may be written to the controller's registers and trigger undesirable actions (such as reset) while the device is still transferring packets. This can ultimately lead to a use-after-free issue. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition, or potentially execute arbitrary code within the context of the QEMU process on the host. This flaw affects QEMU versions before 7.0.0.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2022-05-02 19:15:00","updated_at":"2023-02-12 23:42:00"},"problem_types":["CWE-416"],"metrics":[],"references":[{"url":"https://security.netapp.com/advisory/ntap-20220624-0003/","name":"https://security.netapp.com/advisory/ntap-20220624-0003/","refsource":"CONFIRM","tags":[],"title":"CVE-2021-3750 QEMU Vulnerability in NetApp Products | NetApp Product Security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://access.redhat.com/errata/RHSA-2022:7967","name":"https://access.redhat.com/errata/RHSA-2022:7967","refsource":"MISC","tags":[],"title":"Red Hat Customer Portal - Access to 24x7 support and knowledge","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://gitlab.com/qemu-project/qemu/-/issues/556","name":"https://gitlab.com/qemu-project/qemu/-/issues/556","refsource":"MISC","tags":[],"title":"Fix DMA MMIO reentrancy issues (#556) · Issues · QEMU / QEMU · GitLab","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1999073","name":"https://bugzilla.redhat.com/show_bug.cgi?id=1999073","refsource":"MISC","tags":[],"title":"1999073 – (CVE-2021-3750) CVE-2021-3750 QEMU: hcd-ehci: DMA reentrancy issue leads to use-after-free","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://gitlab.com/qemu-project/qemu/-/issues/541","name":"https://gitlab.com/qemu-project/qemu/-/issues/541","refsource":"MISC","tags":[],"title":"Heap-use-after-free through ehci_flush_qh (#541) · Issues · QEMU / QEMU · GitLab","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://security.gentoo.org/glsa/202208-27","name":"GLSA-202208-27","refsource":"GENTOO","tags":[],"title":"QEMU: Multiple Vulnerabilities (GLSA 202208-27) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://access.redhat.com/security/cve/CVE-2021-3750","name":"https://access.redhat.com/security/cve/CVE-2021-3750","refsource":"MISC","tags":[],"title":"Red Hat Customer Portal - Access to 24x7 support and knowledge","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-3750","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3750","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"3750","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"qemu","cpe5":"qemu","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"3750","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"-","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"3750","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"advanced_virtualization","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2021-3750","qid":"160273","title":"Oracle Enterprise Linux Security Update for qemu-kvm (ELSA-2022-7967)"},{"cve":"CVE-2021-3750","qid":"161176","title":"Oracle Enterprise Linux Security Update for virt:ol and virt-devel:rhel (ELSA-2023-6980)"},{"cve":"CVE-2021-3750","qid":"161478","title":"Oracle Enterprise Linux Security Update for virt:kvm_utils3 (ELSA-2024-12276)"},{"cve":"CVE-2021-3750","qid":"183308","title":"Debian Security Update for qemu (CVE-2021-3750)"},{"cve":"CVE-2021-3750","qid":"199069","title":"Ubuntu Security Notification for QEMU Vulnerabilities (USN-5772-1)"},{"cve":"CVE-2021-3750","qid":"240913","title":"Red Hat Update for qemu-kvm security (RHSA-2022:7967)"},{"cve":"CVE-2021-3750","qid":"242430","title":"Red Hat Update for virt:rhel and virt-devel:rhel security (RHSA-2023:6980)"},{"cve":"CVE-2021-3750","qid":"242778","title":"Red Hat Update for virt:rhel and virt-devel:rhel (RHSA-2024:0569)"},{"cve":"CVE-2021-3750","qid":"242861","title":"Red Hat Update for virt:rhel and virt-devel:rhel (RHSA-2024:0404)"},{"cve":"CVE-2021-3750","qid":"379624","title":"Alibaba Cloud Linux Security Update for virt:rhel and virt-devel:rhel (ALINUX3-SA-2024:0021)"},{"cve":"CVE-2021-3750","qid":"710604","title":"Gentoo Linux QEMU Multiple Vulnerabilities (GLSA 202208-27)"},{"cve":"CVE-2021-3750","qid":"754898","title":"SUSE Enterprise Linux Security Update for qemu (SUSE-SU-2023:3721-1)"},{"cve":"CVE-2021-3750","qid":"754937","title":"SUSE Enterprise Linux Security Update for qemu (SUSE-SU-2023:3800-1)"},{"cve":"CVE-2021-3750","qid":"755084","title":"SUSE Enterprise Linux Security Update for qemu (SUSE-SU-2023:4056-1)"},{"cve":"CVE-2021-3750","qid":"901579","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for qemu-kvm (9707)"},{"cve":"CVE-2021-3750","qid":"901933","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for qemu (9701)"},{"cve":"CVE-2021-3750","qid":"902503","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for qemu-kvm (9707-1)"},{"cve":"CVE-2021-3750","qid":"907029","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for qemu (9701-1)"},{"cve":"CVE-2021-3750","qid":"940832","title":"AlmaLinux Security Update for qemu-kvm (ALSA-2022:7967)"},{"cve":"CVE-2021-3750","qid":"941431","title":"AlmaLinux Security Update for virt:rhel and virt-devel:rhel (ALSA-2023:6980)"},{"cve":"CVE-2021-3750","qid":"960500","title":"Rocky Linux Security Update for qemu-kvm (RLSA-2022:7967)"}]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2021-3750","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify if the Buffer Pointer overlaps with its MMIO region when it transfers the USB packets. Crafted content may be written to the controller's registers and trigger undesirable actions (such as reset) while the device is still transferring packets. This can ultimately lead to a use-after-free issue. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition, or potentially execute arbitrary code within the context of the QEMU process on the host. This flaw affects QEMU versions before 7.0.0."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-416","cweId":"CWE-416"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"QEMU","version":{"version_data":[{"version_affected":"=","version_value":"QEMU before version 7.0.0"}]}}]}}]}},"references":{"reference_data":[{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1999073","refsource":"MISC","name":"https://bugzilla.redhat.com/show_bug.cgi?id=1999073"},{"url":"https://gitlab.com/qemu-project/qemu/-/issues/541","refsource":"MISC","name":"https://gitlab.com/qemu-project/qemu/-/issues/541"},{"url":"https://gitlab.com/qemu-project/qemu/-/issues/556","refsource":"MISC","name":"https://gitlab.com/qemu-project/qemu/-/issues/556"},{"url":"https://security.gentoo.org/glsa/202208-27","refsource":"MISC","name":"https://security.gentoo.org/glsa/202208-27"},{"url":"https://security.netapp.com/advisory/ntap-20220624-0003/","refsource":"MISC","name":"https://security.netapp.com/advisory/ntap-20220624-0003/"}]}},"nvd":{"publishedDate":"2022-05-02 19:15:00","lastModifiedDate":"2023-02-12 23:42:00","problem_types":["CWE-416"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.2,"baseSeverity":"HIGH"},"exploitabilityScore":1.5,"impactScore":6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:P","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":4.6},"severity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*","versionEndExcluding":"7.0.0","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:advanced_virtualization:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:-:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"3750","Ordinal":"216050","Title":"CVE-2021-3750","CVE":"CVE-2021-3750","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"3750","Ordinal":"1","NoteData":"** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.","Type":"Description","Title":null}]}}}