CVE-2021-3713
PUBLISHED
A vulnerability exists in QEMU in the emulation of UAS (USB Attached SCSI). Input from the guest is not sufficiently validated, which allows an out-of-bounds write. A local attacker can exploit this vulnerability to execute arbitrary program code with the privileges of the user or to cause a denial-of-service condition.
Risk Scores
EPSS Score: 0.10% (27.8th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu | Ubuntu Linux | |
| Oracle | Oracle Linux | |
| Open Source | Open Source QEMU | |
| Gentoo | Gentoo Linux | |
| Debian | Debian Linux | |
| SUSE | SUSE Linux | |
Exploit Intelligence
- https://bugzilla.redhat.com/show_bug.cgi?id=1994640 (circl)
- [debian-lts-announce] 20210902 [SECURITY] [DLA 2753-1] qemu security update (circl)
- https://security.netapp.com/advisory/ntap-20210923-0006/ (circl)
- DSA-4980 (circl)
- GLSA-202208-27 (circl)
- [debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update (circl)
Timeline
- Aug 17, 2021 CVE Published
- Aug 26, 2021 EPSS Score
- Oct 5, 2021 EPSS Score
- Oct 11, 2021 EPSS Score
- Dec 20, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 17, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Jun 13, 2022 EPSS Score
- Aug 11, 2022 EPSS Score
- Oct 8, 2022 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2021/wid-sec-w-2022-1119.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1119 advisory
- https://lists.suse.com/pipermail/sle-security-updates/2021-November/009693.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2021-November/009694.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2021-October/009647.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2021-November/009705.html advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1994640 advisory
- https://lists.debian.org/debian-lts-announce/2021/09/msg00000.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2021-November/009697.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2021-November/009698.html advisory
- https://www.debian.org/security/2021/dsa-4980 advisory
- https://lists.suse.com/pipermail/sle-security-updates/2021-November/009717.html advisory
- http://linux.oracle.com/errata/ELSA-2021-9638.html advisory
- https://linux.oracle.com/errata/ELSA-2022-9172.html advisory
- https://ubuntu.com/security/notices/USN-5307-1 advisory
- https://security.gentoo.org/glsa/202208-27 advisory
- https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html advisory
- https://linux.oracle.com/errata/ELSA-2024-12604.html advisory
- https://linux.oracle.com/errata/ELSA-2024-12605.html advisory