{ "threat_severity" : "Low", "public_date" : "2021-02-24T00:00:00Z", "bugzilla" : { "description" : "QEMU: net: Infinite loop in loopback mode may lead to stack overflow", "id" : "1932827", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1932827" }, "cvss3" : { "cvss3_base_score" : "3.2", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L", "status" : "verified" }, "cwe" : "CWE-835", "details" : [ "A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. The issue occurs in loopback mode of a NIC wherein reentrant DMA checks get bypassed. A guest user/process may use this flaw to consume CPU cycles or crash the QEMU process on the host resulting in DoS scenario.", "A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU. The issue occurs in loopback mode of a NIC wherein reentrant DMA checks get bypassed. A guest user/process may use this flaw to consume CPU cycles or crash the QEMU process on the host resulting in DoS scenario." ], "affected_release" : [ { "product_name" : "Advanced Virtualization for RHEL 8.4.0.Z", "release_date" : "2021-09-30T00:00:00Z", "advisory" : "RHSA-2021:3703", "cpe" : "cpe:/a:redhat:advanced_virtualization:8.4::el8", "package" : "virt:av-8040020210922084349.522a0ee4" }, { "product_name" : "Advanced Virtualization for RHEL 8.4.0.Z", "release_date" : "2021-09-30T00:00:00Z", "advisory" : "RHSA-2021:3703", "cpe" : "cpe:/a:redhat:advanced_virtualization:8.4::el8", "package" : "virt-devel:av-8040020210922084349.522a0ee4" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2021-08-10T00:00:00Z", "advisory" : "RHSA-2021:3061", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "virt-devel:rhel-8040020210721215855.522a0ee4" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2021-08-10T00:00:00Z", "advisory" : "RHSA-2021:3061", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "virt:rhel-8040020210721215855.522a0ee4" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Out of support scope", "package_name" : "qemu-kvm", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Fix deferred", "package_name" : "qemu-kvm", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "qemu-kvm-ma", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Fix deferred", "package_name" : "qemu-kvm-rhev", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8 Advanced Virtualization", "fix_state" : "Will not fix", "package_name" : "virt:8.2/qemu-kvm", "cpe" : "cpe:/a:redhat:advanced_virtualization:8::el8" }, { "product_name" : "Red Hat Enterprise Linux 8 Advanced Virtualization", "fix_state" : "Will not fix", "package_name" : "virt:8.3/qemu-kvm", "cpe" : "cpe:/a:redhat:advanced_virtualization:8::el8" }, { "product_name" : "Red Hat Enterprise Linux 8 Advanced Virtualization", "fix_state" : "Affected", "package_name" : "virt:av/qemu-kvm", "cpe" : "cpe:/a:redhat:advanced_virtualization:8::el8" }, { "product_name" : "Red Hat OpenStack Platform 10 (Newton)", "fix_state" : "Out of support scope", "package_name" : "qemu-kvm-rhev", "cpe" : "cpe:/a:redhat:openstack:10" }, { "product_name" : "Red Hat OpenStack Platform 13 (Queens)", "fix_state" : "Out of support scope", "package_name" : "qemu-kvm-rhev", "cpe" : "cpe:/a:redhat:openstack:13" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2021-3416\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-3416\nhttps://www.openwall.com/lists/oss-security/2021/02/26/1" ], "name" : "CVE-2021-3416", "csaw" : false }