Your submission was sent successfully! Close

CVE-2021-3416

Published: 18 March 2021

A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. The issue occurs in loopback mode of a NIC wherein reentrant DMA checks get bypassed. A guest user/process may use this flaw to consume CPU cycles or crash the QEMU process on the host resulting in DoS scenario.

Priority

Low

CVSS 3 base score: 6.0

Status

Package Release Status
qemu
Launchpad, Ubuntu, Debian
bionic
Released (1:2.11+dfsg-1ubuntu7.37)
focal
Released (1:4.2-3ubuntu6.17)
groovy
Released (1:5.0-5ubuntu9.9)
hirsute Not vulnerable
(1:5.2+dfsg-9ubuntu3)
impish Not vulnerable
(1:5.2+dfsg-9ubuntu3)
jammy Not vulnerable
(1:5.2+dfsg-9ubuntu3)
precise Does not exist

trusty Needs triage

upstream Needs triage

xenial Needed

Patches:
upstream: https://git.qemu.org/?p=qemu.git;a=commit;h=705df5466c98f3efdd2b68d3b31dad86858acad7
upstream: https://git.qemu.org/?p=qemu.git;a=commit;h=1caff0340f49c93d535c6558a5138d20d475315c
upstream: https://git.qemu.org/?p=qemu.git;a=commit;h=331d2ac9ea307c990dc86e6493e8f0c48d14bb33
upstream: https://git.qemu.org/?p=qemu.git;a=commit;h=26194a58f4eb83c5bdf4061a1628508084450ba1
upstream: https://git.qemu.org/?p=qemu.git;a=commit;h=8c92060d3c0248bd4d515719a35922cd2391b9b4
upstream: https://git.qemu.org/?p=qemu.git;a=commit;h=8c552542b81e56ff532dd27ec6e5328954bdda73
upstream: https://git.qemu.org/?p=qemu.git;a=commit;h=5311fb805a4403bba024e83886fa0e7572265de4
upstream: https://git.qemu.org/?p=qemu.git;a=commit;h=99ccfaa1edafd79f7a3a0ff7b58ae4da7c514928
upstream: https://git.qemu.org/?p=qemu.git;a=commit;h=e73adfbeec9d4e008630c814759052ed945c3fed
upstream: https://git.qemu.org/?p=qemu.git;a=commit;h=37cee01784ff0df13e5209517e1b3594a5e792d1
qemu-kvm
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Does not exist

groovy Does not exist

hirsute Does not exist

impish Does not exist

jammy Does not exist

precise Ignored
(end of ESM support, was needs-triage)
trusty Does not exist

upstream Needs triage

xenial Does not exist