{
  "threat_severity" : "Moderate",
  "public_date" : "2021-08-27T00:00:00Z",
  "bugzilla" : {
    "description" : "QEMU: virtio-net: heap use-after-free in virtio_net_receive_rcu",
    "id" : "1998514",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1998514"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-416",
  "details" : [ "A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when a descriptor's address belongs to the non-direct-access region, because num_buffers is written after the virtqueue element has already been unmapped. A malicious guest could use this flaw to crash QEMU, resulting in a denial of service condition, or potentially execute code on the host with the privileges of the QEMU process.", "A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when a descriptor's address belongs to the non-direct-access region, because num_buffers is written after the virtqueue element has already been unmapped. A malicious guest could use this flaw to crash QEMU, resulting in a denial of service condition, or potentially execute code on the host with the privileges of the QEMU process." ],
  "statement" : "This issue affects the versions of `qemu-kvm` as shipped with Red Hat Enterprise Linux 8 and Red Hat Enterprise Linux 8 Advanced Virtualization. Fixed packages were released in the advisories listed under affected_release (RHSA-2021:4112, RHSA-2021:5036 and RHSA-2022:1759). The qemu-kvm packages for Red Hat Enterprise Linux 6 and 7 and qemu-kvm-rhev for Red Hat OpenStack Platform 10 and 13 are out of support scope for this issue; Red Hat Enterprise Linux 9 is not affected.",
  "acknowledgement" : "Red Hat would like to thank Alexander Bulekov for reporting this issue.",
  "affected_release" : [ {
    "product_name" : "Advanced Virtualization for RHEL 8.2.1",
    "release_date" : "2021-12-09T00:00:00Z",
    "advisory" : "RHSA-2021:5036",
    "cpe" : "cpe:/a:redhat:advanced_virtualization:8.2::el8",
    "package" : "virt:8.2-8020120211120005046.863bb0db"
  }, {
    "product_name" : "Advanced Virtualization for RHEL 8.2.1",
    "release_date" : "2021-12-09T00:00:00Z",
    "advisory" : "RHSA-2021:5036",
    "cpe" : "cpe:/a:redhat:advanced_virtualization:8.2::el8",
    "package" : "virt-devel:8.2-8020120211120005046.863bb0db"
  }, {
    "product_name" : "Advanced Virtualization for RHEL 8.4.0.Z",
    "release_date" : "2021-11-03T00:00:00Z",
    "advisory" : "RHSA-2021:4112",
    "cpe" : "cpe:/a:redhat:advanced_virtualization:8.4::el8",
    "package" : "virt:av-8040020211022000504.522a0ee4"
  }, {
    "product_name" : "Advanced Virtualization for RHEL 8.4.0.Z",
    "release_date" : "2021-11-03T00:00:00Z",
    "advisory" : "RHSA-2021:4112",
    "cpe" : "cpe:/a:redhat:advanced_virtualization:8.4::el8",
    "package" : "virt-devel:av-8040020211022000504.522a0ee4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2022-05-10T00:00:00Z",
    "advisory" : "RHSA-2022:1759",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "virt-devel:rhel-8060020220408104655.d63f516d"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2022-05-10T00:00:00Z",
    "advisory" : "RHSA-2022:1759",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "virt:rhel-8060020220408104655.d63f516d"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "qemu-kvm",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "qemu-kvm",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "qemu-kvm-ma",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8 Advanced Virtualization",
    "fix_state" : "Affected",
    "package_name" : "virt:8.2/qemu-kvm",
    "cpe" : "cpe:/a:redhat:advanced_virtualization:8::el8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8 Advanced Virtualization",
    "fix_state" : "Affected",
    "package_name" : "virt:av/qemu-kvm",
    "cpe" : "cpe:/a:redhat:advanced_virtualization:8::el8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "qemu-kvm",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat OpenStack Platform 10 (Newton)",
    "fix_state" : "Out of support scope",
    "package_name" : "qemu-kvm-rhev",
    "cpe" : "cpe:/a:redhat:openstack:10"
  }, {
    "product_name" : "Red Hat OpenStack Platform 13 (Queens)",
    "fix_state" : "Out of support scope",
    "package_name" : "qemu-kvm-rhev",
    "cpe" : "cpe:/a:redhat:openstack:13"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2021-3748\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-3748" ],
  "name" : "CVE-2021-3748",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}