Debian 9: DLA-2623-1 Critical: QEMU Denial Of Service Report
debian lts
April 10, 2021
Several security vulnerabilities have been discovered in QEMU, a fast processor emulator
Summary
net: e1000: infinite loop while processing transmit descriptors
CVE-2021-20255
A stack overflow via an infinite recursion vulnerability was found in the
eepro100 i8255x device emulator of QEMU. This issue occurs while processing
controller commands due to a DMA reentry issue. This flaw allows a guest
user or process to consume CPU cycles or crash the QEMU process on the
host, resulting in a denial of service.
CVE-2021-20203
An integer overflow issue was found in the vmxnet3 NIC emulator of the
QEMU. It may occur if a guest was to supply invalid values for rx/tx queue
size or other NIC parameters. A privileged guest user may use this flaw to
crash the QEMU process on the host resulting in DoS scenario.
CVE-2021-3416
A potential stack overflow via infinite loop issue was found in various NIC
emulators of QEMU in versions up to and including 5.2.0. The issue occurs
in loopback mode of a NIC wherein reentrant DMA checks get bypassed. A
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
-------------------------------------------------------------------------Package: qemu
Version: 1:2.8+dfsg-6+deb9u14
CVE ID: CVE-2020-17380 CVE-2021-3392 CVE-2021-3409 CVE-2021-3416
Debian Bug: 984450 984451 984452 984448 984449 970937
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!