An infinite loop issue was found in the e1000 NIC emulator of the QEMU. It occurs while processing transmit (tx) descriptors in process_tx_desc, if various descriptor fields are initialised with invalid values. A guest may use this flaw to consume cpu cycles on the host resulting in DoS scenario. Upstream patch: --------------- -> https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg03595.html
Created xen tracking bugs for this issue: Affects: fedora-all [bug 1930089]
Created qemu tracking bugs for this issue: Affects: fedora-all [bug 1930094]
Acknowledgments: Name: Alexander Bulekov, Cheolwoo Myung (Seoul National University), Sergej Schumilo (Ruhr-University Bochum), Cornelius Aschermann (Ruhr-University Bochum), Simon Werner (Ruhr-University Bochum)
Statement: This issue affects the version of the qemu-kvm package shipped with Red Hat Enterprise Linux 6, 7 and 8. Future qemu-kvm package updates for Red Hat Enterprise Linux 7 and 8 may address this issue. This issue has been rated as having Low security impact and is not currently planned to be addressed in future updates of Red Hat Enterprise Linux 5 and 6. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.
External References: https://www.openwall.com/lists/oss-security/2021/02/25/2
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:5238 https://access.redhat.com/errata/RHSA-2021:5238
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-20257
This issue has been addressed in the following products: Advanced Virtualization for RHEL 8.5.0.Z Via RHSA-2022:0081 https://access.redhat.com/errata/RHSA-2022:0081