CVE-2021-3416
Published: 18 March 2021
A potential stack overflow via an infinite loop was found in various NIC emulators of QEMU in versions up to and including 5.2.0. The issue occurs in the loopback mode of a NIC, wherein reentrant DMA checks get bypassed. A guest user/process may use this flaw to consume CPU cycles or crash the QEMU process on the host, resulting in a DoS scenario.
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 6.0 |
| Attack vector | Local |
| Attack complexity | Low |
| Privileges required | High |
| User interaction | None |
| Scope | Changed |
| Confidentiality | None |
| Integrity impact | None |
| Availability impact | High |
| Vector | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3416
- https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg07431.html
- https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg07484.html
- https://www.openwall.com/lists/oss-security/2021/02/26/1
- https://ubuntu.com/security/notices/USN-5010-1
- NVD
- Launchpad
- Debian