CVE-2021-3713 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	No
Type	Arbitrary code execution
Description	An out-of-bounds write issue was found in the UAS (USB Attached SCSI) device emulation of QEMU. It occurs due to missing sanity checks in the usb_uas_handle_data() function in hw/usb/dev-uas.c. In particular, the device uses the guest-supplied stream number unchecked, which can lead to guest-triggered out-of-bounds access to the UASDevice->data3 and UASDevice->status3 fields.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-1898	qemu	6.1.0-5		Medium	Unknown

References
https://bugzilla.redhat.com/show_bug.cgi?id=1994640 https://lists.nongnu.org/archive/html/qemu-devel/2021-08/msg02766.html