CVE-2021-20203Integer Overflow or Wraparound in Qemu

CWE-190Integer Overflow or Wraparound8 documents7 sources
Severity
3.2LOWNVD
OSV6.5
EPSS
0.0%
top 91.41%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
10
QemuDebian QemuDebian Linux+7 more
Timeline
PublishedFeb 25
Latest updateMay 24

Description

An integer overflow issue was found in the vmxnet3 NIC emulator of the QEMU for versions up to v5.2.0. It may occur if a guest was to supply invalid values for rx/tx queue size or other NIC parameters. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in DoS scenario.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:LExploitability: 1.5 | Impact: 1.4

Affected Packages11 packages

debiandebian/qemu< qemu 1:6.2+dfsg-1 (bookworm)
Debianqemu/qemu< 1:5.2+dfsg-11+deb11u3+3
Ubuntuqemu/qemu< 1:2.11+dfsg-1ubuntu7.39+1
NVDqemu/qemu5.2.0
CVEListV5qemu/qemuversions up to v5.2.0

Also affects: Debian Linux 10.0, 9.0, Fedora 33

Patches

Patch: bugs.launchpad.netPatch: bugzilla.redhat.comPatch: bugs.launchpad.net

🔴Vulnerability Details

3
GHSA
GHSA-8gqc-j7wm-6g58: An integer overflow issue was found in the vmxnet3 NIC emulator of the QEMU for versions up to v52022-05-24
OSV
qemu vulnerabilities2022-02-28
OSV
CVE-2021-20203: An integer overflow issue was found in the vmxnet3 NIC emulator of the QEMU for versions up to v52021-02-25

📋Vendor Advisories

4
Ubuntu
QEMU vulnerabilities2022-02-28
Microsoft
An integer overflow issue was found in the vmxnet3 NIC emulator of the QEMU for versions up to v5.2.0. It may occur if a guest was to supply invalid values for rx/tx queue size or other NIC parameters2021-02-09
Red Hat
qemu: Failed malloc in vmxnet3_activate_device() in hw/net/vmxnet3.c2021-01-30
Debian
CVE-2021-20203: qemu - An integer overflow issue was found in the vmxnet3 NIC emulator of the QEMU for ...2021