Bugzilla – Bug 1189236
VUL-1: CVE-2021-3392: qemu,kvm: scsi mptsas, use-after-free while processing io requests
Last modified: 2022-01-10 15:15:03 UTC
A use-after-free issue was found in the Megaraid emulator of the QEMU. It occurs while processing SCSI i/o requests because in case of an error mptsas_free_request() does not dequeue request object 'req' from a pending requests' queue. Which later gets processed resulting in the said use-after-free issue. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in DoS scenario. Upstream patch: --------------- -> https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg00488.html References: https://bugzilla.redhat.com/show_bug.cgi?id=1924042 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3392 http://seclists.org/oss-sec/2021/q1/109 https://access.redhat.com/security/cve/CVE-2021-3392 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3392 https://lists.debian.org/debian-lts-announce/2021/04/msg00009.html https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg00488.html https://bugs.launchpad.net/qemu/+bug/1914236
Affected package: - SUSE:SLE-15-SP3:Update/qemu
This patch has been in SLE15-SP3. It should be fixed.