Vulnerability DatabaseCVE-2021-3416
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2021-3416
March 18, 2021
A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. The issue occurs in loopback mode of a NIC wherein reentrant DMA checks get bypassed. A guest user/process may use this flaw to consume CPU cycles or crash the QEMU process on the host resulting in DoS scenario.
Related ResourcesĀ (22)
https://access.redhat.com/errata/RHSA-2021:3703
https://github.com/qemu/qemu/commit/8c92060d3c0248bd4d515719a35922cd2391b9b4
https://security-tracker.debian.org/tracker/CVE-2021-3416
https://security.gentoo.org/glsa/202208-27
https://github.com/qemu/qemu/commit/37cee01784ff0df13e5209517e1b3594a5e792d1
https://bugzilla.redhat.com/show_bug.cgi?id=1932827
https://github.com/qemu/qemu/commit/5311fb805a4403bba024e83886fa0e7572265de4
https://github.com/qemu/qemu/commit/26194a58f4eb83c5bdf4061a1628508084450ba1
https://github.com/qemu/qemu/commit/705df5466c98f3efdd2b68d3b31dad86858acad7
https://github.com/qemu/qemu/commit/99ccfaa1edafd79f7a3a0ff7b58ae4da7c514928
https://github.com/qemu/qemu/commit/331d2ac9ea307c990dc86e6493e8f0c48d14bb33
https://access.redhat.com/security/cve/CVE-2021-3416
https://github.com/qemu/qemu/commit/e73adfbeec9d4e008630c814759052ed945c3fed
https://github.com/qemu/qemu/commit/1caff0340f49c93d535c6558a5138d20d475315c
https://github.com/qemu/qemu/commit/8c552542b81e56ff532dd27ec6e5328954bdda73
https://access.redhat.com/errata/RHSA-2021:3061
https://www.openwall.com/lists/oss-security/2021/02/26/1
https://security.alpinelinux.org/vuln/CVE-2021-3416
https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html
https://security.netapp.com/advisory/ntap-20210507-0002/
https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3416
https://lists.debian.org/debian-lts-announce/2021/04/msg00009.html
Do you need more information?
Contact Us
CVSS v4
Base Score:
8.1
Attack Vector
LOCAL
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
HIGH
User Interaction
NONE
Vulnerable System Confidentiality
NONE
Vulnerable System Integrity
NONE
Vulnerable System Availability
HIGH
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
HIGH
CVSS v3
Base Score:
6
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality
NONE
Integrity
NONE
Availability
HIGH
CVSS v2
Base Score:
2.1
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
Weakness Type (CWE)
Loop with Unreachable Exit Condition ('Infinite Loop')
CWE-835
EPSS
Base Score:
0.01