PT-2021-7378 · Qemu+9

Prasad J Pandit · Published 2021-02-24 · Updated 2026-06-09 · CVE-2021-3416

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
Name of the Vulnerable Software and Affected Versions

QEMU versions up to and including 5.2.0

Description

A potential stack overflow via an infinite loop exists in various NIC emulators of QEMU. It occurs in the loopback mode of a NIC, where reentrant DMA checks are bypassed, allowing a guest user or process to consume CPU cycles or crash the QEMU process on the host, resulting in a denial of service.

Recommendations

For QEMU versions up to and including 5.2.0, update to a version later than 5.2.0 to resolve the issue. At the moment, there is no information about other specific fixes for this vulnerability.

Fix

DoS

Infinite Loop

Weakness Enumeration

Related Identifiers

ALSA-2021:3061
ALT-PU-2021-1767
BDU:2022-05839
CESA-2021_3061
CVE-2021-3416
DLA-2623-1
DLA-3099-1
OESA-2021-1191
OPENSUSE-SU-2021:0600-1
OPENSUSE-SU-2021:1942-1
OPENSUSE-SU-2021_0600-1
OPENSUSE-SU-2021_1942-1
OPENSUSE-SU-2024:11287-1
RHSA-2021:3061
RHSA-2021:3703
RHSA-2021_3061
RLSA-2021:3061
SUSE-SU-2021:1240-1
SUSE-SU-2021:1241-1
SUSE-SU-2021:1242-1
SUSE-SU-2021:1243-1
SUSE-SU-2021:1244-1
SUSE-SU-2021:1245-1
SUSE-SU-2021:1305-1
SUSE-SU-2021:14772-1
SUSE-SU-2021:14774-1
SUSE-SU-2021:1942-1
SUSE-SU-2021_14772-1
USN-5010-1
USN-8412-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Qemu
Red Hat
Rocky Linux
Suse
Ubuntu