CVE-2021-3392 log

Severity Medium
Remote No
Type Arbitrary code execution
A use-after-free issue was found in the Megaraid emulator of the QEMU. It occurs while processing SCSI I/O requests because in case of an error mptsas_free_request() does not dequeue request object 'req' from a pending requests' queue. Which later gets processed resulting in the said use-after-free issue. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in a denial of service scenario.
Group Package Affected Fixed Severity Status Ticket
AVG-1308 qemu 5.2.0-4 6.0.0-1 Medium Fixed