CVE-2021-20255

Published: 3/9/2021 Last updated: 8/3/2024 Reserved: 12/17/2020

A stack overflow via an infinite recursion vulnerability was found in the eepro100 i8255x device emulator of QEMU. This issue occurs while processing controller commands due to a DMA reentry issue. This flaw allows a guest user or process to consume CPU cycles or crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Opam packages affected (2)

conf-qemu-img nbd-tool

Products affected (1)

Product	Vendor	Version
QEMU	n/a	<= 1.2.1

References (10)

https://bugzilla.redhat.com/show_bug.cgi?id=1930646
https://www.openwall.com/lists/oss-security/2021/02/25/1
https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=/eepro100_stackoverflow1
https://lists.debian.org/debian-lts-announce/2021/04/msg00009.html
https://security.netapp.com/advisory/ntap-20210507-0003/
https://bugzilla.redhat.com/show_bug.cgi?id=1930646
https://www.openwall.com/lists/oss-security/2021/02/25/1
https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=/eepro100_stackoverflow1
https://lists.debian.org/debian-lts-announce/2021/04/msg00009.html
https://security.netapp.com/advisory/ntap-20210507-0003/