CVE-2021-3416

Public on 2021-03-18
Modified on 2024-05-02
Description
A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. The issue occurs in loopback mode of a NIC wherein reentrant DMA checks get bypassed. A guest user/process may use this flaw to consume CPU cycles or crash the QEMU process on the host resulting in DoS scenario.
Severity
Low severity
Low
CVSS v3 Base Score
3.2
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
Amazon Linux 2 - Core qemu 2023-07-17 ALAS2-2023-2148 Fixed

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L
NVD CVSSv2 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P
NVD CVSSv3 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H