First published: Thu Feb 25 2021(Updated: )
A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. The issue occurs in loopback mode of a NIC wherein reentrant DMA checks get bypassed. A guest user/process may use this flaw to consume CPU cycles or crash the QEMU process on the host resulting in DoS scenario.
Credit: secalert@redhat.com secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
QEMU qemu | <=5.2.0 | |
Fedoraproject Fedora | =33 | |
Redhat Enterprise Linux | =6.0 | |
Redhat Enterprise Linux | =7.0 | |
Redhat Enterprise Linux | =8.0 | |
Redhat Enterprise Linux | =8.0 | |
Debian Debian Linux | =9.0 | |
Debian Debian Linux | =10.0 | |
debian/qemu | 1:5.2+dfsg-11+deb11u3 1:5.2+dfsg-11+deb11u2 1:7.2+dfsg-7+deb12u7 1:9.2.0+ds-2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-3416 is a potential stack overflow via infinite loop issue found in various NIC emulators of QEMU.
CVE-2021-3416 has a severity level of medium.
Versions up to and including 5.2.0 of QEMU are affected by CVE-2021-3416.
A guest user/process can exploit CVE-2021-3416 to consume CPU cycles or crash the QEMU process.
Yes, there are remedies available for CVE-2021-3416. Please refer to the relevant links for more information.