CVE-2021-3392

LOW Year: 2021
CVSS v3 Score
3.2
Low
CVSS v2 Score
2.1
Low
Weakness Type
CWE-416
View all →

Vulnerability Description

A use-after-free flaw was found in the MegaRAID emulator of QEMU. This issue occurs while processing SCSI I/O requests in the case of an error mptsas_free_request() that does not dequeue the request object 'req' from a pending requests queue. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. Versions between 2.10.0 and 5.2.0 are potentially affected.

Related Vulnerabilities

CVE-2020-25084

LOW
CVSS:3.2(Low)

QEMU 5.0.0 has a use-after-free in hw/usb/hcd-xhci.c because the usb_packet_map return value is not checked.

CWE-4162020

CVE-2019-15919

LOW
CVSS:3.3(Low)

An issue was discovered in the Linux kernel before 5.0.10. SMB2_write in fs/cifs/smb2pdu.c has a use-after-free.

CWE-4162019

CVE-2019-17143

LOW
CVSS:3.3(Low)

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in th...

CWE-4162019

CVE-2019-6756

LOW
CVSS:3.3(Low)

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit PhantomPDF 9.4.0.16811. User interaction is required to exploit this vulnerability in ...

CWE-4162019

CVE-2019-6758

LOW
CVSS:3.3(Low)

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.4.16811. User interaction is required to exploit this vulnerability in that t...

CWE-4162019

CVE-2019-6766

LOW
CVSS:3.3(Low)

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.4.1.16828. User interaction is required to exploit this vulnerability in that...

CWE-4162019