Bug 1930087 (CVE-2021-20257)

Summary: CVE-2021-20257 QEMU: net: e1000: infinite loop while processing transmit descriptors
Product: [Other] Security Response Reporter: Prasad Pandit <ppandit>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: berrange, cfergeau, dbecker, jen, jferlan, jforbes, jjoyce, jmaloy, jschluet, knoel, lhh, lpeer, m.a.young, mburns, mkenneth, mrezanin, mst, ondrejj, pbonzini, philmd, ribarry, rjones, robinlee.sysu, sclewis, slinaber, virt-maint, virt-maint
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits (tx) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2021-12-21 10:49:56 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1930089, 1930090, 1930091, 1930092, 1930093, 1930094, 2025011, 2025603    
Bug Blocks: 1887771, 1974576    

Description Prasad Pandit 2021-02-18 11:02:25 UTC 
An infinite loop issue was found in the e1000 NIC emulator of the QEMU. It occurs while processing transmit (tx) descriptors in process_tx_desc, if various descriptor fields are initialised with invalid values. A guest may use this flaw to consume cpu cycles on the host resulting in DoS scenario.

Upstream patch:
---------------
  -> https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg03595.html
Comment 1 Prasad Pandit 2021-02-18 11:03:05 UTC 
Created xen tracking bugs for this issue:

Affects: fedora-all [bug 1930089]
Comment 3 Prasad Pandit 2021-02-18 11:05:39 UTC 
Created qemu tracking bugs for this issue:

Affects: fedora-all [bug 1930094]
Comment 5 Prasad Pandit 2021-02-18 11:18:52 UTC 
Acknowledgments:

Name: Alexander Bulekov, Cheolwoo Myung (Seoul National University), Sergej Schumilo (Ruhr-University Bochum), Cornelius Aschermann (Ruhr-University Bochum), Simon Werner (Ruhr-University Bochum)
Comment 9 RaTasha Tillery-Smith 2021-02-22 18:09:29 UTC 
Statement:

This issue affects the version of the qemu-kvm package shipped with Red Hat Enterprise Linux 6, 7 and 8. Future qemu-kvm package updates for Red Hat Enterprise Linux 7 and 8 may address this issue.

This issue has been rated as having Low security impact and is not currently planned to be addressed in future updates of Red Hat Enterprise Linux 5 and 6. For additional information, refer
to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.
Comment 10 Prasad Pandit 2021-02-25 11:56:09 UTC 
External References:

https://www.openwall.com/lists/oss-security/2021/02/25/2
Comment 11 errata-xmlrpc 2021-12-21 09:59:10 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2021:5238 https://access.redhat.com/errata/RHSA-2021:5238
Comment 12 Product Security DevOps Team 2021-12-21 10:49:53 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2021-20257
Comment 13 errata-xmlrpc 2022-01-11 16:02:11 UTC 
This issue has been addressed in the following products:

  Advanced Virtualization for RHEL 8.5.0.Z

Via RHSA-2022:0081 https://access.redhat.com/errata/RHSA-2022:0081