A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non-direct-access region, because num_buffers is set after the virtqueue element has been unmapped. A malicious guest could use this flaw to crash QEMU, resulting in a denial-of-service condition, or potentially execute code on the host with the privileges of the QEMU process.
{ "vanir_signatures": [ { "deprecated": false, "target": { "file": "hw/net/virtio-net.c", "function": "virtio_net_receive_rcu" }, "signature_version": "v1", "id": "CVE-2021-3748-63a59022", "signature_type": "Function", "digest": { "length": 2573.0, "function_hash": "14770436477810317024841570451115134811" }, "source": "https://github.com/qemu/qemu/commit/bedd7e93d01961fcb16a97ae45d93acf357e11f6" }, { "deprecated": false, "target": { "file": "hw/net/virtio-net.c" }, "signature_version": "v1", "id": "CVE-2021-3748-b289847e", "signature_type": "Line", "digest": { "threshold": 0.9, "line_hashes": [ "139153011538441137443425885686769242333", "19540242830036793152453911828632731321", "261971490103105366185518487713065779809", "274886746361350886814583306928039415769", "117959129944310761007430404673458701437", "5575847093833653024836064788740198304", "164237186261067155017967658108932275749", "41568830874794595423836708667899720764", "204979634018619945530189025481137025000", "200236562904088385766774625108108467906", "81898909521356078802753323202918312736", "276622600102277512342777352275962185101", "17686686804455707955864788085310989909", "170904657820958641358685323667703360232", "20732383499291189554247390592397864623", "104773052961933199236430616329051629652", "30148309516638926374883201050847486195", "263405443713322288624440308518443648446", "43538856978998950359608723105896316473", "135835704044671834425133687155795544491", "53527990305242486942412336048341160685", "298719444517055338988398675801988708732", "162604734227819747815593254388199626104", "202154863577782391529005710899301295034", "102630445816527384348936569443744793486", "107375714520255535024167627018508704968", "337770536592677363347602484056375594828", "329754777237505547929585834740495934718", "309636159462361027173374396889853120124", "172880516596470903830738622624501085703", "112643539357749891484797476986660340522", "259192748648542531221030014246801045362" ] }, "source": 
"https://github.com/qemu/qemu/commit/bedd7e93d01961fcb16a97ae45d93acf357e11f6" } ] }