DMA Reentrancy Vulnerability in QEMU USB EHCI Controller Emulation
CVE-2021-3750

8.2HIGH

Key Information:

Vendor

Qemu
Status
Qemu
Vendor
CVE Published:
2 May 2022

What is CVE-2021-3750?

A DMA reentrancy issue was identified in the USB EHCI controller emulation of QEMU, where the controller fails to verify if the Buffer Pointer intersects with its MMIO region during USB packet transfers. This oversight allows crafted content to manipulate registers within the controller, potentially leading to unwanted operations like resets while active transfers are ongoing. The vulnerability poses serious risks, as a malicious guest could exploit this flaw to crash the QEMU process on the host machine, causing a denial of service, or may even execute arbitrary code in the context of the QEMU process, affecting the host's stability and security.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

QEMU QEMU before version 7.0.0

References

https://bugzilla.redhat.com/show_bug.cgi?id=1999073
x_refsource_MISC
https://gitlab.com/qemu-project/qemu/-/issues/541
x_refsource_MISC
https://gitlab.com/qemu-project/qemu/-/issues/556
x_refsource_MISC

CVSS V3.1

Score:
8.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.