CVE-2021-3544

MEDIUM

QEMU <= 6.0.0 - Memory Leak in vhost-user-gpu Device

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-3544. PoCs published by Goultarde.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2021-35448, targeting Remote Mouse (formerly WiFi Mouse) to achieve remote code execution. The exploit sends crafted packets to open a command prompt and execute arbitrary commands, including reverse shell payloads via PowerShell.

Description

Several memory leaks were found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. They exist in contrib/vhost-user-gpu/vhost-user-gpu.c and contrib/vhost-user-gpu/virgl.c due to improper release of memory (i.e., free) after effective lifetime.

Exploits (1)

nomisec WORKING POC

by Goultarde · poc

https://github.com/Goultarde/CVE-2021-3544_RemoteMouse-3.008-RCE

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2021-35448, targeting Remote Mouse (formerly WiFi Mouse) to achieve remote code execution. The exploit sends crafted packets to open a command prompt and execute arbitrary commands, including reverse shell payloads via PowerShell.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Remote Mouse (WiFi Mouse) 3.008

No auth needed

Prerequisites: Target must have Remote Mouse installed and running · Network access to the target on port 1978

MITRE ATT&CK

T1059 - Command and Scripting Interpreter T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (5)

Core 5

Core References

Mailing List, Third Party Advisory mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2021/05/31/1

Issue Tracking x_refsource_misc

https://bugzilla.redhat.com/show_bug.cgi?id=1958935

Third Party Advisory x_refsource_confirm

https://security.netapp.com/advisory/ntap-20210720-0008/

Third Party Advisory vendor-advisory x_refsource_debian

https://www.debian.org/security/2021/dsa-4980

Third Party Advisory vendor-advisory x_refsource_gentoo

https://security.gentoo.org/glsa/202208-27

Scores

CVSS v3 6.5

EPSS 0.0044

EPSS Percentile 34.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Details

CWE

CWE-401

Status published

Products (2)

debian/debian_linux 11.0

qemu/qemu < 6.0.0

Published Jun 02, 2021

Tracked Since Feb 18, 2026