QwikSec

Security Database

CVE

CWE

Training

CVE-2021-3929

Published: Aug 25, 2022

Modified: Feb 28, 2025

PUBLISHED

Description

A DMA reentrancy issue was found in the NVM Express Controller (NVME) emulation in QEMU. This CVE is similar to CVE-2021-3750 and, just like it, when the reentrancy write triggers the reset function nvme_ctrl_reset(), data structs will be freed leading to a use-after-free issue. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition or, potentially, executing arbitrary code within the context of the QEMU process on the host.

Vendor	Product	Versions
n/a	QEMU	affected `Fixed in qemu-kvm 7.0.0-rc0`

Weaknesses (CWE)

References

https://gitlab.com/qemu-project/qemu/-/issues/556

x_refsource_MISC

https://bugzilla.redhat.com/show_bug.cgi?id=2020298

x_refsource_MISC

https://access.redhat.com/security/cve/CVE-2021-3929

x_refsource_MISC

https://gitlab.com/qemu-project/qemu/-/issues/782

x_refsource_MISC

https://gitlab.com/qemu-project/qemu/-/commit/736b01642d85be832385

x_refsource_MISC

FEDORA-2022-f0a2695054

vendor-advisory

x_refsource_FEDORA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.