A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. It occurs when dropping packets during a bulk transfer from a SPICE client due to the packet queue being full. A malicious SPICE client could use this flaw to make QEMU call free() with faked heap chunk metadata, resulting in a crash of QEMU or potential code execution with the privileges of the QEMU process on the host.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2021-08-05T19:51:26
Updated: 2024-08-03T17:01:07.707Z
Reserved: 2021-08-04T00:00:00
Link: CVE-2021-3682
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-08-05T20:15:09.963
Modified: 2024-11-21T06:22:09.070
Link: CVE-2021-3682
Redhat