PT-2021-7352 · Qemu+9 · Qemu+9

Alexander Bulekov

+4

·

Published

2021-02-10

·

Updated

2026-06-09

·

CVE-2021-20257

CVSS v2.0

4.6

Medium

VectorAV:L/AC:L/Au:S/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions QEMU (affected versions not specified)
Description An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits (tx) descriptors in process tx desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Infinite Loop

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-835

Related Identifiers

ALSA-2021:5238
ALT-PU-2021-3286
ALT-PU-2021-3363
ALT-PU-2021-3585
ALT-PU-2022-2062
ALT-PU-2022-3390
AZL-9068
BDU:2022-05772
CESA-2021_5238
CVE-2021-20257
DLA-2623-1
DLA-3099-1
OESA-2022-1690
OPENSUSE-SU-2021:0600-1
OPENSUSE-SU-2021:1043-1
OPENSUSE-SU-2021_0600-1
OPENSUSE-SU-2021_1043-1
OPENSUSE-SU-2024:11287-1
RHSA-2021:5238
RHSA-2021_5238
RHSA-2022:0081
RLSA-2021:5238
SUSE-SU-2021:1023-1
SUSE-SU-2021:1240-1
SUSE-SU-2021:1241-1
SUSE-SU-2021:1242-1
SUSE-SU-2021:1243-1
SUSE-SU-2021:1244-1
SUSE-SU-2021:1245-1
SUSE-SU-2021:1251-1
SUSE-SU-2021:1252-1
SUSE-SU-2021:1305-1
SUSE-SU-2021:14702-1
SUSE-SU-2021:14704-1
SUSE-SU-2021:14706-1
SUSE-SU-2021:1829-1
SUSE-SU-2021:1837-1
SUSE-SU-2021:1893-1
SUSE-SU-2021:1894-1
SUSE-SU-2021:1895-1
SUSE-SU-2021:1918-1
SUSE-SU-2021:1947-1
SUSE-SU-2021_1251-1
SUSE-SU-2021_1252-1
SUSE-SU-2021_14702-1
SUSE-SU-2021_14704-1
SUSE-SU-2022:1375-1
SUSE-SU-2022_1375-1
USN-5010-1
USN-8412-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Qemu
Red Hat
Rocky Linux
Suse
Ubuntu