How severe is CVE-2021-3750?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.2 out of 10.

What type of vulnerability is CVE-2021-3750?

This is classified as CWE-416, which is a common weakness in software security.

CVE-2021-3750 - HIGH Severity | CVSS 8.2

Vulnerability Description

A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify if the Buffer Pointer overlaps with its MMIO region when it transfers the USB packets. Crafted content may be written to the controller's registers and trigger undesirable actions (such as reset) while the device is still transferring packets. This can ultimately lead to a use-after-free issue. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition, or potentially execute arbitrary code within the context of the QEMU process on the host. This flaw affects QEMU versions before 7.0.0.

Related Vulnerabilities

CVE-2019-19770

HIGH

CVSS:8.2(High)

In the Linux kernel 4.19.83, there is a use-after-free (read) in the debugfs_remove function in fs/debugfs/inode.c (which is used to remove a file or directory in debugfs that was previously created w...

CWE-4162019

CVE-2020-25632

HIGH

CVSS:8.2(High)

A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leadi...

CWE-4162020

CVE-2020-2758

HIGH

CVSS:8.2(High)

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily explo...

CWE-4162020

CVE-2020-3962

HIGH

CVSS:8.2(High)

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain a use-...

CWE-4162020

CVE-2020-4004

HIGH

CVSS:8.2(High)

VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG), Workstation (15.x before 15.5.7), Fusion (11.x before 11.5.7) contain a use-after-free vu...

CWE-4162020

CVE-2021-3796

HIGH

CVSS:8.2(High)

vim is vulnerable to Use After Free

CWE-4162021