Vulnerability CVE-2021-3544: Information

Description

Several memory leaks were found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. They exist in contrib/vhost-user-gpu/vhost-user-gpu.c and contrib/vhost-user-gpu/virgl.c due to improper release of memory (i.e., free) after effective lifetime.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2021-3544

Published: June 2, 2021

Modified: Oct. 25, 2022

Error type identifier: CWE-401

Fixed packages

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
qemu	sisyphus	6.1.0-alt1	8.2.3-alt1	ALT-PU-2021-2713-1	284381	Fixed
qemu	sisyphus_e2k	7.2.0-alt3.E2K.3	7.2.0-alt3.E2K.4	ALT-PU-2024-1953-1	-	Fixed
qemu	p10	6.1.0-alt2	8.2.2-alt0.p10.1	ALT-PU-2021-3363-1	289854	Fixed
qemu	p10_e2k	7.2.0-alt3.E2K.0	7.2.0-alt3.E2K.3	ALT-PU-2023-6766-1	-	Fixed
qemu	c10f1	6.1.0-alt2	8.2.2-alt0.p10.1	ALT-PU-2021-3363-1	289854	Fixed
qemu	c9f2	5.2.0-alt6.c9.1	5.2.0-alt6.c9.1	ALT-PU-2021-3078-1	284979	Fixed
qemu	p11	6.1.0-alt1	8.2.3-alt1	ALT-PU-2021-2713-1	284381	Fixed

References to Advisories, Solutions, and Tools

Hyperlink	Resource
https://bugzilla.redhat.com/show_bug.cgi?id=1958935	Issue Tracking
[oss-security] 20210531 QEMU: security issues in vhost-user-gpu	Mailing List Third Party Advisory
https://security.netapp.com/advisory/ntap-20210720-0008/	Third Party Advisory
DSA-4980	Third Party Advisory
GLSA-202208-27	Third Party Advisory

Affected configurations:
1. Configuration 1
  cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*
  End including
  6.0.0
  
  Configuration 2
  cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

Version: v24.5.3

Vulnerability CVE-2021-3544: Information

Description

Fixed packages

References to Advisories, Solutions, and Tools

Configuration 1

Configuration 2