CVE-2021-3392 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	No
Type	Arbitrary code execution
Description	A use-after-free issue was found in the Megaraid emulator of the QEMU. It occurs while processing SCSI I/O requests because in case of an error mptsas_free_request() does not dequeue request object 'req' from a pending requests' queue. Which later gets processed resulting in the said use-after-free issue. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in a denial of service scenario.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-1308	qemu	5.2.0-4	6.0.0-1	Medium	Fixed

References
https://www.openwall.com/lists/oss-security/2021/02/05/2 https://bugs.launchpad.net/qemu/+bug/1914236 https://git.qemu.org/?p=qemu.git;a=commitdiff;h=3791642c8d60029adf9b00bcb4e34d7d8a1aea4d