CVE-2021-3392 log

Source
Severity Medium
Remote No
Type Arbitrary code execution
Description
A use-after-free issue was found in the Megaraid emulator of the QEMU. It occurs while processing SCSI I/O requests because in case of an error mptsas_free_request() does not dequeue request object 'req' from a pending requests' queue. Which later gets processed resulting in the said use-after-free issue. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in a denial of service scenario.
Group Package Affected Fixed Severity Status Ticket
AVG-1308 qemu 5.2.0-3 Medium Vulnerable
References
https://www.openwall.com/lists/oss-security/2021/02/05/2
https://bugs.launchpad.net/qemu/+bug/1914236
https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg00488.html