DEBIAN-CVE-2021-3544

DEBIAN-CVE-2021-3544 PUBLISHED CVSS 6.5 MEDIUM

Several memory leaks were found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. They exist in contrib/vhost-user-gpu/vhost-user-gpu.c and contrib/vhost-user-gpu/virgl.c due to improper release of memory (i.e., free) after effective lifetime.

Risk Scores

CVSS 3.1

6.5

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Affected Products

Vendor	Product	Versions
Debian:14	qemu	0, 0, 0
Debian:11	qemu	5.2+dfsg, 0, 0
Debian:12	qemu	0, 0, 0
Debian:13	qemu	0, 0, 0

Exploit Intelligence

POC for CVE-2021-3544 based on https://www.exploit-db.com/exploits/49601 (github-poc-repo)
POC for CVE-2021-3544 based on https://www.exploit-db.com/exploits/49601 (github-poc)

Timeline

Jun 2, 2021 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2021-3544 advisory

Open in Interactive Console →