REDHAT-BUG-1930087
First published: Thu Feb 18 2021(Updated: )
An infinite loop issue was found in the e1000 NIC emulator of the QEMU. It occurs while processing transmit (tx) descriptors in process_tx_desc, if various descriptor fields are initialised with invalid values. A guest may use this flaw to consume cpu cycles on the host resulting in DoS scenario. Upstream patch: --------------- -> <a href="https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg03595.html">https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg03595.html</a>
| Affected Software | Affected Version | How to fix |
|---|---|---|
| QEMU |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg03595.html
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1930089
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1930094
- https://access.redhat.com/support/policy/updates/errata/
- https://www.openwall.com/lists/oss-security/2021/02/25/2
- https://access.redhat.com/errata/RHSA-2021:5238
- https://access.redhat.com/security/cve/cve-2021-20257
- https://access.redhat.com/errata/RHSA-2022:0081
- https://bugzilla.redhat.com/show_bug.cgi?id=1930087
Frequently Asked Questions
What is the severity of REDHAT-BUG-1930087?
The severity of REDHAT-BUG-1930087 is classified as a DoS vulnerability due to potential CPU cycle consumption.
How do I fix REDHAT-BUG-1930087?
To fix REDHAT-BUG-1930087, you should apply the latest patches and updates provided by the QEMU project.
What systems are affected by REDHAT-BUG-1930087?
REDHAT-BUG-1930087 affects QEMU versions where the e1000 NIC emulator is used.
What are the potential impacts of REDHAT-BUG-1930087?
The potential impact of REDHAT-BUG-1930087 includes a denial of service (DoS) condition from excessive CPU usage by affected guest systems.
Is there a workaround for REDHAT-BUG-1930087?
Currently, disabling the use of the e1000 NIC emulator can serve as a temporary workaround for REDHAT-BUG-1930087.
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2021-20257
- agent/source
- agent/severity
- agent/references
- agent/description
- agent/event
- agent/tags
- agent/softwarecombine
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/qemu
- canonical/qemu