An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits (tx) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1930087 | Issue Tracking Patch Third Party Advisory |
https://github.com/qemu/qemu/commit/3de46e6fc489c52c9431a8a832ad8170a7569bd8 | Patch Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html | Mailing List Third Party Advisory |
https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg07428.html | Mailing List Patch Vendor Advisory |
https://security.gentoo.org/glsa/202208-27 | Third Party Advisory |
https://security.netapp.com/advisory/ntap-20220425-0003/ | Third Party Advisory |
https://www.openwall.com/lists/oss-security/2021/02/25/2 | Mailing List Patch Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
|
History
12 Feb 2023, 22:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
02 Feb 2023, 21:20
Type | Values Removed | Values Added |
---|---|---|
References |
|
23 Sep 2022, 15:20
Type | Values Removed | Values Added |
---|---|---|
First Time |
Debian
Debian debian Linux |
|
References | (GENTOO) https://security.gentoo.org/glsa/202208-27 - Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html - Mailing List, Third Party Advisory | |
CPE | cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* |
05 Sep 2022, 06:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
15 Aug 2022, 11:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
12 May 2022, 20:47
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:redhat:openstack_platform:13.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:codeready_linux_builder:-:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:openstack_platform:10.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:advanced_virtualization:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:* |
|
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20220425-0003/ - Third Party Advisory | |
First Time |
Fedoraproject
Redhat codeready Linux Builder Fedoraproject fedora Redhat Redhat enterprise Linux For Ibm Z Systems Redhat openstack Platform Redhat enterprise Linux Redhat enterprise Linux For Power Little Endian |
25 Apr 2022, 21:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
22 Mar 2022, 17:06
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-835 | |
CVSS |
v2 : v3 : |
v2 : 2.1
v3 : 6.5 |
CPE | cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:* | |
First Time |
Qemu qemu
Qemu |
|
References | (MISC) https://www.openwall.com/lists/oss-security/2021/02/25/2 - Mailing List, Patch, Third Party Advisory | |
References | (MISC) https://github.com/qemu/qemu/commit/3de46e6fc489c52c9431a8a832ad8170a7569bd8 - Patch, Third Party Advisory | |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1930087 - Issue Tracking, Patch, Third Party Advisory | |
References | (MISC) https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg07428.html - Mailing List, Patch, Vendor Advisory |
16 Mar 2022, 15:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-03-16 15:15
Updated : 2023-12-10 14:22
NVD link : CVE-2021-20257
Mitre link : CVE-2021-20257
CVE.ORG link : CVE-2021-20257
JSON object : View
Products Affected
redhat
- openstack_platform
- enterprise_linux_for_ibm_z_systems
- codeready_linux_builder
- enterprise_linux
- enterprise_linux_for_power_little_endian
qemu
- qemu
debian
- debian_linux
fedoraproject
- fedora
CWE
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')