Alpaquita LinuxStreamSecurity Advisory
Search Cve

CVE-2021-3392

Published: August 31, 2023Last modified: August 31, 2023

Description

A use-after-free flaw was found in the MegaRAID emulator of QEMU. This issue occurs while processing SCSI I/O requests in the case of an error mptsas_free_request() that does not dequeue the request object 'req' from a pending requests queue. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. Versions between 2.10.0 and 5.2.0 are potentially affected.

Severity score breakdown

ParameterValue
Base score3.2
Attack VectorLOCAL
Attack complexityLOW
Privileges requiredHIGH
User interactionNONE
ScopeCHANGED
ConfidentialityNONE
Integrity impactNONE
Availability impactLOW
VectorCVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L

Status

ProductReleasePackageStatus
Alpaquita Linux23 LTSqemuNot affected (7.1.0-r4)
StreamqemuNot affected (8.0.4-r0)

References

ON THIS PAGE