Linux Distros Unpatched Vulnerability : CVE-2021-3409

🗓️ 15 Aug 2025 00:00:00Reported by TenableType

Unpatched Linux host; CVE-2021-3409 allows privileged QEMU up to 5.2.0 to crash or execute code; CVE-2020-17380/25085 patch ineffective; SDHCI read/write out-of-bounds.

Reporter	Title	Published	Views	Family All 185
AlpineLinux	CVE-2020-17380	30 Jan 202105:38	–	alpinelinux
AlpineLinux	CVE-2020-25085	25 Sep 202004:09	–	alpinelinux
AlpineLinux	CVE-2021-3409	23 Mar 202120:20	–	alpinelinux
AstraLinux	Astra Linux - уязвимость в qemu	20 May 202605:53	–	astralinux
AstraLinux	Astra Linux - уязвимость в qemu	20 May 202605:53	–	astralinux
AstraLinux	Astra Linux - уязвимость в qemu	3 May 202623:59	–	astralinux
BDU FSTEC	The vulnerability of the sdhci_sdma_transfer_multi_blocks() procedure in the QEMU hardware emulation software allows a attacker to cause a service failure or an unexpected termination of the application. Additionally, it enables the execution of arbitrary code.	21 Apr 202100:00	–	bdu_fstec
BDU FSTEC	The vulnerability of the flatview_read_continue() module of the QEMU hardware emulation software lies in the ability to write beyond the buffer boundaries. This allows attackers to access confidential data, compromise its integrity, and cause service failures.	27 Oct 202100:00	–	bdu_fstec
BDU FSTEC	The vulnerability of the QEMU hardware emulation software, related to the issue of writing operations beyond the buffer boundaries in memory, allows a perpetrator to access confidential data, compromise its integrity, and cause service failures.	21 Sep 202200:00	–	bdu_fstec
CBLMariner	CVE-2020-17380 affecting package qemu-kvm 4.2.0-48	3 Mar 202103:44	–	cbl_mariner

Source	Link
ubuntu	www.ubuntu.com/security/CVE-2021-3409
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(249368);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/08/15");

  script_cve_id("CVE-2021-3409");

  script_name(english:"Linux Distros Unpatched Vulnerability : CVE-2021-3409");

  script_set_attribute(attribute:"synopsis", value:
"The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be
patched.");
  script_set_attribute(attribute:"description", value:
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied
patch available.

  - The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective, thus making QEMU vulnerable to
    the out-of-bounds read/write access issues previously found in the SDHCI controller emulation code. This
    flaw allows a malicious privileged guest to crash the QEMU process on the host, resulting in a denial of
    service or potential code execution. QEMU up to (including) 5.2.0 is affected by this. (CVE-2021-3409)

Note that Nessus relies on the presence of the package as reported by the vendor.");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/CVE-2021-3409");
  script_set_attribute(attribute:"solution", value:
"There is no known solution at this time.");
  script_set_attribute(attribute:"agent", value:"unix");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-3409");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"vendor_unpatched", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/12/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/08/15");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:qemu");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info2.nasl", "set_linux_os_id.nasl");
  script_require_keys("Host/cpu", "Host/local_checks_enabled", "global_settings/vendor_unpatched", "Host/OS/identifier");
  script_require_ports("Host/OS/Ubuntu Linux-14.04", "Host/OS/Ubuntu Linux-16.04");

  exit(0);
}

if (!get_kb_item("global_settings/vendor_unpatched")) exit(0, "Unpatched Vulnerabilities Detection not active.");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (empty_or_null(get_one_kb_item("Host/Debian/dpkg-l"))) audit(AUDIT_PACKAGE_LIST_MISSING);

include('linux_unpatched.inc');

var distro_constraints_array = {
  "Ubuntu Linux-14.04": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "14.04",
        "pkgs": [
          {"reference": "qemu"},
          {"reference": "qemu-common"},
          {"reference": "qemu-guest-agent"},
          {"reference": "qemu-keymaps"},
          {"reference": "qemu-kvm"},
          {"reference": "qemu-system"},
          {"reference": "qemu-system-aarch64"},
          {"reference": "qemu-system-arm"},
          {"reference": "qemu-system-common"},
          {"reference": "qemu-system-mips"},
          {"reference": "qemu-system-misc"},
          {"reference": "qemu-system-ppc"},
          {"reference": "qemu-system-sparc"},
          {"reference": "qemu-system-x86"},
          {"reference": "qemu-user"},
          {"reference": "qemu-user-static"},
          {"reference": "qemu-utils"}
        ]
      }
    ]
  },
  "Ubuntu Linux-16.04": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "16.04",
        "pkgs": [
          {"reference": "qemu"},
          {"reference": "qemu-block-extra"},
          {"reference": "qemu-guest-agent"},
          {"reference": "qemu-kvm"},
          {"reference": "qemu-system"},
          {"reference": "qemu-system-aarch64"},
          {"reference": "qemu-system-arm"},
          {"reference": "qemu-system-common"},
          {"reference": "qemu-system-mips"},
          {"reference": "qemu-system-misc"},
          {"reference": "qemu-system-ppc"},
          {"reference": "qemu-system-s390x"},
          {"reference": "qemu-system-sparc"},
          {"reference": "qemu-system-x86"},
          {"reference": "qemu-user"},
          {"reference": "qemu-user-binfmt"},
          {"reference": "qemu-user-static"},
          {"reference": "qemu-utils"}
        ]
      }
    ]
  }
};

var distro_constraints_values = linux_unpatched::get_distro_constraints(distro_constraints_arr:distro_constraints_array);
if (empty_or_null(distro_constraints_values)) audit(AUDIT_HOST_NOT, 'affected');
var report = linux_unpatched::check_unpatched_constraints(distro_constraints_values:distro_constraints_values);

if (!empty_or_null(report))
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : report
  );
  exit(0);
}
else
{
  audit(AUDIT_HOST_NOT, 'affected');
}

15 Aug 2025 00:00Current

6.5Medium risk

Vulners AI Score6.5

CVSS 24.6

CVSS 3.16.3

EPSS0.00305