AZL-6831

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-6831.json

JSON Data

https://api.osv.dev/v1/vulns/AZL-6831

Upstream

CVE-2021-3713

Published

2021-08-25T19:15:15Z

Modified

2026-04-21T04:38:23.348829Z

Severity

7.4 (High) CVSS_V3 - CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVSS Calculator

Summary

CVE-2021-3713 affecting package qemu for versions less than 6.2.0-2

Details

An out-of-bounds write flaw was found in the UAS (USB Attached SCSI) device emulation of QEMU in versions prior to 6.2.0-rc0. The device uses the guest supplied stream number unchecked, which can lead to out-of-bounds access to the UASDevice->data3 and UASDevice->status3 fields. A malicious guest user could use this flaw to crash QEMU or potentially achieve code execution with the privileges of the QEMU process on the host.

References

https://nvd.nist.gov/vuln/detail/CVE-2021-3713

Affected packages

Azure Linux:2 / qemu

Package

Name: qemu
Purl: pkg:rpm/azure-linux/qemu

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.2.0-2

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-6831.json"