| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 4.3 | $0-$5k | 0.00 |
Summary
A vulnerability identified as problematic has been detected in QEMU. This affects the function ahci_reset_port of the component AHCI Controller Device. This manipulation causes locking.
This vulnerability is handled as CVE-2021-3735. There is not any exploit available.
Details
A vulnerability has been found in QEMU (Virtualization Software) (affected version not known) and classified as problematic. Affected by this vulnerability is the function ahci_reset_port of the component AHCI Controller Device. The manipulation with an unknown input leads to a locking vulnerability. The CWE definition for the vulnerability is CWE-667. The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors. As an impact it is known to affect availability. The summary by CVE is:
A deadlock issue was found in the AHCI controller device of QEMU. It occurs on a software reset (ahci_reset_port) while handling a host-to-device Register FIS (Frame Information Structure) packet from the guest. A privileged user inside the guest could use this flaw to hang the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability.
The weakness was released 08/26/2022. It is possible to read the advisory at access.redhat.com. This vulnerability is known as CVE-2021-3735 since 08/25/2021. Technical details of the vulnerability are known, but there is no available exploit. The pricing for an exploit might be around USD $0-$5k at the moment (estimation calculated on 02/28/2025).
There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.
Be aware that VulDB is the high quality source for vulnerability data.
Product
Type
Name
License
Website
- Product: https://www.qemu.org/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 4.3VulDB Meta Temp Score: 4.3
VulDB Base Score: 4.3
VulDB Temp Score: 4.3
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 4.4
NVD Vector: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Exploiting
Class: LockingCWE: CWE-667
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: Partially
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: no mitigation knownStatus: 🔍
0-Day Time: 🔍
Timeline
08/25/2021 🔍08/26/2022 🔍
08/26/2022 🔍
02/28/2025 🔍
Sources
Product: qemu.orgAdvisory: access.redhat.com
Status: Confirmed
CVE: CVE-2021-3735 (🔍)
GCVE (CVE): GCVE-0-2021-3735
GCVE (VulDB): GCVE-100-207391
Entry
Created: 08/26/2022 20:48Updated: 02/28/2025 15:14
Changes: 08/26/2022 20:48 (38), 10/02/2022 13:15 (9), 02/28/2025 15:14 (15)
Complete: 🔍
Cache ID: 216::103
Be aware that VulDB is the high quality source for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.