{
  "threat_severity" : "Moderate",
  "public_date" : "2020-08-26T00:00:00Z",
  "bugzilla" : {
    "description" : "QEMU: hcd-ehci: DMA reentrancy issue leads to use-after-free",
    "id" : "1999073",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1999073"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-416",
  "details" : [ "A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify if the Buffer Pointer overlaps with its MMIO region when it transfers the USB packets. Crafted content may be written to the controller's registers and trigger undesirable actions (such as reset) while the device is still transferring packets. This can ultimately lead to a use-after-free issue. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition, or potentially execute arbitrary code within the context of the QEMU process on the host. This flaw affects QEMU versions before 7.0.0.", "A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify if the Buffer Pointer overlaps with its MMIO region when it transfers the USB packets. Crafted content may be written to the controller's registers and trigger undesirable actions (such as reset) while the device is still transferring packets. This can ultimately lead to a use-after-free issue. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition, or potentially execute arbitrary code within the context of the QEMU process on the host." ],
  "statement" : "This CVE is rated as having a Moderate security impact on Red Hat Enterprise Linux. For additional details, refer to https://bugzilla.redhat.com/show_bug.cgi?id=1999073#c5.",
  "acknowledgement" : "Red Hat would like to thank Alexander Bulekov, Gaoning Pan (Zhejiang University), Haoran Qin (Sangfor), Qiuhao Li, Xiao Wei, Xingwei Lin (Ant Security Light-Year Lab), and Zhiniang Peng (Sangfor) for reporting this issue.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2023-11-14T00:00:00Z",
    "advisory" : "RHSA-2023:6980",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "virt-devel:rhel-8090020230927071820.b46abd14"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2023-11-14T00:00:00Z",
    "advisory" : "RHSA-2023:6980",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "virt:rhel-8090020230927071820.b46abd14"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Extended Update Support",
    "release_date" : "2024-01-25T00:00:00Z",
    "advisory" : "RHSA-2024:0404",
    "cpe" : "cpe:/a:redhat:rhel_eus:8.6",
    "package" : "virt-devel:rhel-8060020231128234847.ad008a3a"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Extended Update Support",
    "release_date" : "2024-01-25T00:00:00Z",
    "advisory" : "RHSA-2024:0404",
    "cpe" : "cpe:/a:redhat:rhel_eus:8.6",
    "package" : "virt:rhel-8060020231128234847.ad008a3a"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.8 Extended Update Support",
    "release_date" : "2024-01-30T00:00:00Z",
    "advisory" : "RHSA-2024:0569",
    "cpe" : "cpe:/a:redhat:rhel_eus:8.8",
    "package" : "virt-devel:rhel-8080020240116113044.63b34585"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.8 Extended Update Support",
    "release_date" : "2024-01-30T00:00:00Z",
    "advisory" : "RHSA-2024:0569",
    "cpe" : "cpe:/a:redhat:rhel_eus:8.8",
    "package" : "virt:rhel-8080020240116113044.63b34585"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2022-11-15T00:00:00Z",
    "advisory" : "RHSA-2022:7967",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "qemu-kvm-17:7.0.0-13.el9"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "qemu-kvm",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "qemu-kvm",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "qemu-kvm-ma",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8 Advanced Virtualization",
    "fix_state" : "Affected",
    "package_name" : "virt:8.2/qemu-kvm",
    "cpe" : "cpe:/a:redhat:advanced_virtualization:8::el8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8 Advanced Virtualization",
    "fix_state" : "Will not fix",
    "package_name" : "virt:av/qemu-kvm",
    "cpe" : "cpe:/a:redhat:advanced_virtualization:8::el8"
  }, {
    "product_name" : "Red Hat OpenStack Platform 10 (Newton)",
    "fix_state" : "Out of support scope",
    "package_name" : "qemu-kvm-rhev",
    "cpe" : "cpe:/a:redhat:openstack:10"
  }, {
    "product_name" : "Red Hat OpenStack Platform 13 (Queens)",
    "fix_state" : "Out of support scope",
    "package_name" : "qemu-kvm-rhev",
    "cpe" : "cpe:/a:redhat:openstack:13"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2021-3750\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-3750\nhttps://gitlab.com/qemu-project/qemu/-/issues/541\nhttps://gitlab.com/qemu-project/qemu/-/issues/556" ],
  "name" : "CVE-2021-3750",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}