Bug 1930646 (CVE-2021-20255)

Summary: CVE-2021-20255 QEMU: net: eepro100: stack overflow via infinite recursion
Product: [Other] Security Response
Reporter: Prasad Pandit <ppandit>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED WONTFIX
Severity: low
Priority: low
Version: unspecified
CC: berrange, cfergeau, dbecker, jen, jferlan, jforbes, jjoyce, jmaloy, jschluet, knoel, lhh, lpeer, m.a.young, mburns, mkenneth, mrezanin, mst, ondrejj, pbonzini, philmd, ribarry, rjones, robinlee.sysu, sclewis, slinaber, virt-maint, virt-maint
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Doc Type: ---
Doc Text:
A stack overflow via an infinite recursion vulnerability was found in the eepro100 i8255x device emulator of QEMU. This issue occurs while processing controller commands due to a DMA reentry issue. This flaw allows a guest user or process to consume CPU cycles or crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
Last Closed: 2021-02-19 13:01:55 UTC
Bug Depends On: 1930647, 1930648    
Bug Blocks: 1887771, 1930894    

Description Prasad Pandit 2021-02-19 11:00:49 UTC
A stack overflow via infinite recursion issue was found in the eepro100 i8255x device emulator of QEMU. It could occur while processing controller commands due to a DMA re-entrancy issue. A guest user/process may use this flaw to consume CPU cycles or crash the QEMU process on the host, resulting in a DoS scenario.

Upstream patch:
---------------
  -> https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg06098.html

Comment 1 Prasad Pandit 2021-02-19 11:00:59 UTC
Acknowledgments:

Name: Sergej Schumilo (Ruhr-University Bochum), Cornelius Aschermann (Ruhr-University Bochum), Simon Werner (Ruhr-University Bochum)

Comment 4 Prasad Pandit 2021-02-19 11:01:54 UTC
Created qemu tracking bugs for this issue:

Affects: fedora-all [bug 1930647]


Created xen tracking bugs for this issue:

Affects: fedora-all [bug 1930648]

Comment 7 RaTasha Tillery-Smith 2021-02-22 18:06:02 UTC
Statement:

This issue does not affect the version of the qemu-kvm package shipped with Red Hat Enterprise Linux 7 and 8.

This issue has been rated as having Low security impact and is not currently planned to be addressed in future updates of Red Hat Enterprise Linux 6. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.