History: Mar 09, 2021 - 8:15 p.m.

CVE-2021-20255

2021-03-09 20:15:13
Debian Security Bug Tracker
security-tracker.debian.org
stack overflow
infinite recursion
qemu
eepro100
i8255x
device emulator
dma reentry
denial of service
cpu cycles
crash
system availability
vulnerability
unix

CVSS2: 2.1

Attack Vector: LOCAL
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

CVSS3: 5.5

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS: 0.001
Percentile: 19.0%

A stack overflow via an infinite recursion vulnerability was found in the eepro100 i8255x device emulator of QEMU. This issue occurs while processing controller commands due to a DMA reentry issue. This flaw allows a guest user or process to consume CPU cycles or crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.

OS      Version  Architecture  Package  Version                      Filename
Debian  12       all           qemu     <= 1:7.2+dfsg-7+deb12u7      qemu_1:7.2+dfsg-7+deb12u7_all.deb
Debian  11       all           qemu     <= 1:5.2+dfsg-11+deb11u3     qemu_1:5.2+dfsg-11+deb11u3_all.deb
Debian  999      all           qemu     < 1:8.1.0+ds-1               qemu_1:8.1.0+ds-1_all.deb
Debian  13       all           qemu     < 1:8.1.0+ds-1               qemu_1:8.1.0+ds-1_all.deb
