Vulnerability Change Records for CVE-2021-3750

Change History

CVE Modified by Red Hat, Inc. 2/12/2023 6:42:46 PM

Action: Removed
Type: CVSS V3.1
Old Value: Red Hat, Inc. AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Action: Added
Type: CWE
New Value: Red Hat, Inc. CWE-416

Action: Changed
Type: Description
Old Value: A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify if the Buffer Pointer overlaps with its MMIO region when it transfers the USB packets. Crafted content may be written to the controller's registers and trigger undesirable actions (such as reset) while the device is still transferring packets. This can ultimately lead to a use-after-free issue. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition, or potentially execute arbitrary code within the context of the QEMU process on the host.
New Value: A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify if the Buffer Pointer overlaps with its MMIO region when it transfers the USB packets. Crafted content may be written to the controller's registers and trigger undesirable actions (such as reset) while the device is still transferring packets. This can ultimately lead to a use-after-free issue. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition, or potentially execute arbitrary code within the context of the QEMU process on the host. This flaw affects QEMU versions before 7.0.0.

Action: Removed
Type: Reference
Old Value: https://access.redhat.com/errata/RHSA-2022:7967 [No Types Assigned]

Action: Removed
Type: Reference
Old Value: https://access.redhat.com/security/cve/CVE-2021-3750 [No Types Assigned]