CVE-2021-20255

Description:
A stack overflow via an infinite recursion vulnerability was found in the eepro100 i8255x device emulator of QEMU. This issue occurs while processing controller commands due to a DMA reentry issue. This flaw allows a guest user or process to consume CPU cycles or crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.

CWE: CWE-835

CVSS score
CVSS 2: LOW – 2.1 (Version: 2.0)
CVSS 3: MEDIUM – 5.5 (Version: 3.1)

Links:

NVD – CVE-2021-20255
CVE – CVE-2021-20255

Link (max. 20) Source Tags
https://bugzilla.redhat.com/show_bug.cgi?id=1930646 MISC Issue Tracking Patch Third Party Advisory
https://www.openwall.com/lists/oss-security/2021/02/25/1 MISC Mailing List Patch Third Party Advisory
https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Feepro100_stackoverflow1 MISC Third Party Advisory VDB Entry
[debian-lts-announce] 20210410 [SECURITY] [DLA 2623-1] qemu security update MLIST Release Notes Third Party Advisory
https://security.netapp.com/advisory/ntap-20210507-0003/ CONFIRM Vendor Advisory VDB Entry
[oss-security] 20210309 git: malicious repositories can execute remote code while cloning MLIST Exploit Mailing List Third Party Advisory
FEDORA-2021-63fcbd126e FEDORA Third Party Advisory VDB Entry
FEDORA-2021-ffd0b2108d FEDORA Mailing List Third Party Advisory
FEDORA-2021-03e61a6647 FEDORA Mailing List Third Party Advisory
https://support.apple.com/kb/HT212320 CONFIRM Third Party Advisory VDB Entry
20210427 APPLE-SA-2021-04-26-10 Xcode 12.5 FULLDISC Mailing List Third Party Advisory
GLSA-202104-01 GENTOO Third Party Advisory VDB Entry
https://www.tenable.com/security/tns-2021-05 CONFIRM Third Party Advisory
FEDORA-2021-cbf14ab8f9 FEDORA Mailing List Third Party Advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10356 CONFIRM Third Party Advisory
https://www.tenable.com/security/tns-2021-09 CONFIRM

Source: NVD – CVE-2021-20255
Published: 2021-03-09T20:15Z, last modified: 2021-05-07T05:15Z