VYPR
Unrated severityNVD Advisory· Published Mar 23, 2021· Updated Aug 3, 2024

CVE-2021-3392

CVE-2021-3392

Description

A use-after-free flaw was found in the MegaRAID emulator of QEMU. This issue occurs while processing SCSI I/O requests in the case of an error mptsas_free_request() that does not dequeue the request object 'req' from a pending requests queue. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. Versions between 2.10.0 and 5.2.0 are potentially affected.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • QEMU/Qemullm-fuzzy2 versions
    >=2.10.0 <=5.2.0+ 1 more
    • (no CPE)range: >=2.10.0 <=5.2.0
    • (no CPE)range: between 2.10.0 and 5.2.0

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.