CVE-2021-3416: Infinite Loop in Qemu

CWE-835: Infinite Loop | 8 documents | 7 sources
Severity: 6.0 MEDIUM (NVD) | OSV 2.3
EPSS: 0.0% (top 99.69%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 18 | Latest update May 24

Description

A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. The issue occurs in loopback mode of a NIC wherein reentrant DMA checks get bypassed. A guest user/process may use this flaw to consume CPU cycles or crash the QEMU process on the host, resulting in a DoS scenario.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
Exploitability: 1.5 | Impact: 4.0

Affected Packages (9 packages)

debian | debian/qemu | < qemu 1:5.2+dfsg-9 (bookworm)
Debian | qemu/qemu | < 1:5.2+dfsg-9+3
Ubuntu | qemu/qemu | < 1:2.11+dfsg-1ubuntu7.37+1
NVD | qemu/qemu | 5.2.0
CVEListV5 | qemu/qemu | versions up to and including 5.2.0

Also affects: Debian Linux 10.0, 9.0, Fedora 33, Enterprise Linux 6.0, 7.0, 8.0

Patches

🔴 Vulnerability Details (3)

GHSA | GHSA-g3hx-jv57-3ffr: A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5 | 2022-05-24
OSV | qemu vulnerabilities | 2021-07-15
OSV | CVE-2021-3416: A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5 | 2021-03-18

📋 Vendor Advisories (4)

Ubuntu | QEMU vulnerabilities | 2021-07-15
Microsoft | A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. The issue occurs in loopback mode of a NIC wherein reentrant DMA ch | 2021-03-09
Red Hat | QEMU: net: Infinite loop in loopback mode may lead to stack overflow | 2021-02-24
Debian | CVE-2021-3416: qemu - A potential stack overflow via infinite loop issue was found in various NIC emul... | 2021