Bug 1930646 (CVE-2021-20255)
Summary: | CVE-2021-20255 QEMU: net: eepro100: stack overflow via infinite recursion | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Prasad Pandit <ppandit> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED WONTFIX | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | unspecified | CC: | berrange, cfergeau, dbecker, jen, jferlan, jforbes, jjoyce, jmaloy, jschluet, knoel, lhh, lpeer, m.a.young, mburns, mkenneth, mrezanin, mst, ondrejj, pbonzini, philmd, ribarry, rjones, robinlee.sysu, sclewis, slinaber, virt-maint, virt-maint |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | --- | |
Doc Text: |
A stack overflow via an infinite recursion vulnerability was found in the eepro100 i8255x device emulator of QEMU. This issue occurs while processing controller commands due to a DMA reentry issue. This flaw allows a guest user or process to consume CPU cycles or crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2021-02-19 13:01:55 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1930647, 1930648 | ||
Bug Blocks: | 1887771, 1930894 |
Description
Prasad Pandit
2021-02-19 11:00:49 UTC
Acknowledgments: Name: Sergej Schumilo (Ruhr-University Bochum), Cornelius Aschermann (Ruhr-University Bochum), Simon Werner (Ruhr-University Bochum) External References: https://www.openwall.com/lists/oss-security/2021/02/25/1 https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Feepro100_stackoverflow1 Created qemu tracking bugs for this issue: Affects: fedora-all [bug 1930647] Created xen tracking bugs for this issue: Affects: fedora-all [bug 1930648] Statement: This issue does not affect the version of the qemu-kvm package shipped with Red Hat Enterprise Linux 7 and 8. This issue has been rated as having Low security impact and is not currently planned to be addressed in future updates of the Red Hat Enterprise Linux 6. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/. |