CVE-2021-3392 QEMU: scsi: mptsas: use-after-free while processing io requests

[P J P <ppandit () redhat com>]

  Hello,

A use-after-free issue was found in the Megaraid emulator of the QEMU. It 
occurs while processing SCSI i/o requests because in case of an error 
mptsas_free_request() does not dequeue request object 'req' from a pending 
requests' queue. Which later gets processed resulting in the said 
use-after-free issue. A privileged guest user may use this flaw to crash the 
QEMU process on the host resulting in DoS scenario.

Upstream patch:
---------------
  -> https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg00488.html

This issue was reported by Cheolwoo Myung of Seoul National University.

Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
8685 545E B54C 486B C6EB 271E E285 8B5A F050 DE8D