CVE-2021-3713 - log back

CVE-2021-3713 edited at 23 Aug 2021 11:16:51
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Local
Type
- Unknown
+ Arbitrary code execution
Description
+ An out-of-bounds write issue was found in the UAS (USB Attached SCSI) device emulation of QEMU. It occurs due to missing sanity checks in the usb_uas_handle_data() function in hw/usb/dev-uas.c. In particular, the device uses the guest-supplied stream number unchecked, which can lead to guest-triggered out-of-bounds access to the UASDevice->data3 and UASDevice->status3 fields.
References
+ https://bugzilla.redhat.com/show_bug.cgi?id=1994640
+ https://lists.nongnu.org/archive/html/qemu-devel/2021-08/msg02766.html
CVE-2021-3713 created at 23 Aug 2021 11:15:37
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes