Bug 1930087 (CVE-2021-20257) - CVE-2021-20257 QEMU: net: e1000: infinite loop while processing transmit descriptors
Summary: CVE-2021-20257 QEMU: net: e1000: infinite loop while processing transmit desc...
Alias: CVE-2021-20257
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
Depends On: 1930089 1930090 1930091 1930092 1930093 1930094 2025011 2025603
Blocks: 1887771 1974576
TreeView+ depends on / blocked
Reported: 2021-02-18 11:02 UTC by Prasad Pandit
Modified: 2022-01-11 16:02 UTC (History)
27 users (show)

Fixed In Version:
Doc Type: ---
Doc Text:
An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits (tx) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
Clone Of:
Last Closed: 2021-12-21 10:49:56 UTC

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2021:5238 0 None None None 2021-12-21 09:59:13 UTC
Red Hat Product Errata RHSA-2022:0081 0 None None None 2022-01-11 16:02:15 UTC

Description Prasad Pandit 2021-02-18 11:02:25 UTC
An infinite loop issue was found in the e1000 NIC emulator of the QEMU. It occurs while processing transmit (tx) descriptors in process_tx_desc, if various descriptor fields are initialised with invalid values. A guest may use this flaw to consume cpu cycles on the host resulting in DoS scenario.

Upstream patch:
  -> https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg03595.html

Comment 1 Prasad Pandit 2021-02-18 11:03:05 UTC
Created xen tracking bugs for this issue:

Affects: fedora-all [bug 1930089]

Comment 3 Prasad Pandit 2021-02-18 11:05:39 UTC
Created qemu tracking bugs for this issue:

Affects: fedora-all [bug 1930094]

Comment 5 Prasad Pandit 2021-02-18 11:18:52 UTC

Name: Alexander Bulekov, Cheolwoo Myung (Seoul National University), Sergej Schumilo (Ruhr-University Bochum), Cornelius Aschermann (Ruhr-University Bochum), Simon Werner (Ruhr-University Bochum)

Comment 9 RaTasha Tillery-Smith 2021-02-22 18:09:29 UTC

This issue affects the version of the qemu-kvm package shipped with Red Hat Enterprise Linux 6, 7 and 8. Future qemu-kvm package updates for Red Hat Enterprise Linux 7 and 8 may address this issue.

This issue has been rated as having Low security impact and is not currently planned to be addressed in future updates of Red Hat Enterprise Linux 5 and 6. For additional information, refer
to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.

Comment 10 Prasad Pandit 2021-02-25 11:56:09 UTC
External References:


Comment 11 errata-xmlrpc 2021-12-21 09:59:10 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2021:5238 https://access.redhat.com/errata/RHSA-2021:5238

Comment 12 Product Security DevOps Team 2021-12-21 10:49:53 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):


Comment 13 errata-xmlrpc 2022-01-11 16:02:11 UTC
This issue has been addressed in the following products:

  Advanced Virtualization for RHEL 8.5.0.Z

Via RHSA-2022:0081 https://access.redhat.com/errata/RHSA-2022:0081

Note You need to log in before you can comment on or make changes to this bug.