PT-2021-7374 · Qemu+5
Gaoning Pan +1 · Published 2021-01-20 · Updated 2024-10-23 · CVE-2021-20203
CVSS v3.1: 3.2 Low
Vector: AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions
QEMU versions up to v5.2.0
Description
An integer overflow issue was found in the vmxnet3 NIC emulator of QEMU. This issue may occur if a guest supplies invalid values for rx/tx queue size or other NIC parameters. A privileged guest user may use this flaw to crash the QEMU process on the host, resulting in a Denial of Service (DoS) scenario.
Recommendations
For QEMU versions up to v5.2.0, update to a version later than v5.2.0 to resolve the issue. As a temporary workaround, consider restricting the ability of guest users to supply invalid values for NIC parameters to minimize the risk of exploitation.
Exploit
Fix
DoS
Integer Overflow
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Linuxmint
Qemu
Suse
Ubuntu