An integer overflow issue was found in the vmxnet3 NIC emulator of the QEMU for versions up to v5.2.0. It may occur if a guest was to supply invalid values for rx/tx queue size or other NIC parameters. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in DoS scenario.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1922441 | Issue Tracking Patch Third Party Advisory |
https://bugs.launchpad.net/qemu/+bug/1913873 | Exploit Patch Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2021/04/msg00009.html | Mailing List Third Party Advisory |
https://security.gentoo.org/glsa/202208-27 | Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html | Mailing List Third Party Advisory |
Information
Published : 2021-02-25 12:15
Updated : 2022-09-30 12:32
NVD link : CVE-2021-20203
Mitre link : CVE-2021-20203
JSON object : View
CWE
CWE-190
Integer Overflow or Wraparound
Products Affected
debian
- debian_linux
fedoraproject
- fedora
qemu
- qemu