---

CVE-2021-3713 - log back

CVE-2021-3713 edited at 23 Aug 2021 11:16:51
Severity	- Unknown + Medium
Remote	- Unknown + Local
Type	- Unknown + Arbitrary code execution
Description	+ An out-of-bounds write issue was found in the UAS (USB Attached SCSI) device emulation of QEMU. It occurs due to missing sanity checks in the usb_uas_handle_data() function in hw/usb/dev-uas.c. In particular, the device uses the guest-supplied stream number unchecked, which can lead to guest-triggered out-of-bounds access to the UASDevice->data3 and UASDevice->status3 fields.
References	+ https://bugzilla.redhat.com/show_bug.cgi?id=1994640 + https://lists.nongnu.org/archive/html/qemu-devel/2021-08/msg02766.html

CVE-2021-3713 created at 23 Aug 2021 11:15:37
Severity	+ Unknown
Remote	+ Unknown
Type	+ Unknown
Description
References
Notes