CVE-2021-3748

Publication date 31 August 2021

Last updated 25 August 2025

Ubuntu priority

Cvss 3 Severity Score

Description

A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non direct access region, due to num_buffers being set after the virtqueue elem has been unmapped. A malicious guest could use this flaw to crash QEMU, resulting in a denial of service condition, or potentially execute code on the host with the privileges of the QEMU process.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
qemu	22.10 kinetic	Fixed 1:6.2+dfsg-2ubuntu5
	22.04 LTS jammy	Fixed 1:6.2+dfsg-2ubuntu5
	21.10 impish	Fixed 1:6.0+dfsg-2expubuntu1.2
	21.04 hirsute	Ignored end of life
	20.04 LTS focal	Fixed 1:4.2-3ubuntu6.21
	18.04 LTS bionic	Fixed 1:2.11+dfsg-1ubuntu7.39
	16.04 LTS xenial	Not affected
	14.04 LTS trusty	Not affected

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
qemu	Upstream: https://git.qemu.org/?p=qemu.git;a=commit;h=bedd7e93d01961fcb16a97ae45d93acf357e11f6

Severity score breakdown

Parameter	Value
Base score	7.5 · High
Attack vector	Local
Attack complexity	High
Privileges required	High
User interaction	None
Scope	Changed
Confidentiality	High
Integrity impact	High
Availability impact	High
Vector	CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

References

Related Ubuntu Security Notices (USN)

USN-5307-1
QEMU vulnerabilities
28 February 2022