8.2 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
4.6 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
0.0004 Low
EPSS
Percentile
5.7%
qemu is vulnerable to use-after-free. The vulnerability exists in USB EHCI controller emulation because EHCI does not verify if the Buffer Pointer overlaps with its MMIO region when it transfers the USB packets which allows an attacker to cause an application crash.
access.redhat.com/errata/RHSA-2022:7967
access.redhat.com/security/cve/CVE-2021-3750
bugzilla.redhat.com/show_bug.cgi?id=1999073
gitlab.com/qemu-project/qemu/-/issues/541
gitlab.com/qemu-project/qemu/-/issues/556
security-tracker.debian.org/tracker/CVE-2021-3750
security.gentoo.org/glsa/202208-27
security.netapp.com/advisory/ntap-20220624-0003/
8.2 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
4.6 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
0.0004 Low
EPSS
Percentile
5.7%