Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 807055 (CVE-2021-3682) - app-emulation/qemu: code execution via malicious SPICE client (CVE-2021-3682)
Summary: app-emulation/qemu: code execution via malicious SPICE client (CVE-2021-3682)
Status: CONFIRMED
Alias: CVE-2021-3682
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
URL: https://gitlab.com/qemu-project/qemu/...
Whiteboard: B1 [ebuild]
Keywords:
Depends on:
Blocks:
 
Reported: 2021-08-07 22:44 UTC by John Helmert III
Modified: 2021-08-07 22:44 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III gentoo-dev Security 2021-08-07 22:44:20 UTC
CVE-2021-3682 (https://bugzilla.redhat.com/show_bug.cgi?id=1989651):

A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. It occurs when dropping packets during a bulk transfer from a SPICE client due to the packet queue being full. A malicious SPICE client could use this flaw to make QEMU call free() with faked heap chunk metadata, resulting in a crash of QEMU or potential code execution with the privileges of the QEMU process on the host.

Unreleased patch: https://gitlab.com/qemu-project/qemu/-/commit/5e796671e6b8d5de4b0b423dce1b3eba144a92c9