Unrated severityNVD Advisory· Published Mar 9, 2021· Updated Aug 3, 2024

CVE-2021-20255

Description

A stack overflow via an infinite recursion vulnerability was found in the eepro100 i8255x device emulator of QEMU. This issue occurs while processing controller commands due to a DMA reentry issue. This flaw allows a guest user or process to consume CPU cycles or crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.

Affected products

N/A/Qemuv5
Range: all versions

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

bugzilla.redhat.com/show_bug.cgimitrex_refsource_MISC
lists.debian.org/debian-lts-announce/2021/04/msg00009.htmlmitremailing-listx_refsource_MLIST
ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwEmitrex_refsource_MISC
security.netapp.com/advisory/ntap-20210507-0003/mitrex_refsource_CONFIRM
www.openwall.com/lists/oss-security/2021/02/25/1mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000