CVE-2021-20203
Summary
| CVE | CVE-2021-20203 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2021-02-25 20:15:00 UTC |
|---|
| Updated | 2022-09-30 19:32:00 UTC |
|---|
| Description | An integer overflow issue was found in the vmxnet3 NIC emulator of the QEMU for versions up to v5.2.0. It may occur if a guest was to supply invalid values for rx/tx queue size or other NIC parameters. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in DoS scenario. |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| [SECURITY] [DLA 3099-1] qemu security update |
MLIST |
lists.debian.org |
|
| [SECURITY] [DLA 2623-1] qemu security update |
MLIST |
lists.debian.org |
|
| QEMU: Multiple Vulnerabilities (GLSA 202208-27) — Gentoo security |
GENTOO |
security.gentoo.org |
|
| 1922441 – (CVE-2021-20203) CVE-2021-20203 qemu: Failed malloc in vmxnet3_activate_device() in hw/net/vmxnet3.c |
MISC |
bugzilla.redhat.com |
Issue Tracking, Patch, Third Party Advisory |
| Bug #1913873 “QEMU: net: vmxnet: integer overflow may crash gues...” : Bugs : QEMU |
MISC |
bugs.launchpad.net |
Exploit, Patch, Third Party Advisory |
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 159638 Oracle Enterprise Linux Security Update for qemu (ELSA-2022-9123)
- 159672 Oracle Enterprise Linux Security Update for kvm_utils (ELSA-2022-9172)
- 174921 SUSE Enterprise Linux Security Update for qemu (SUSE-SU-2021:1245-1)
- 174922 SUSE Enterprise Linux Security Update for qemu (SUSE-SU-2021:1240-1)
- 174923 SUSE Enterprise Linux Security Update for qemu (SUSE-SU-2021:1241-1)
- 174924 SUSE Enterprise Linux Security Update for qemu (SUSE-SU-2021:1244-1)
- 174926 SUSE Enterprise Linux Security Update for qemu (SUSE-SU-2021:1242-1)
- 178540 Debian Security Update for qemu (DLA 2623-1)
- 180995 Debian Security Update for qemu (DLA 3099-1)
- 184091 Debian Security Update for qemu (CVE-2021-20203)
- 198683 Ubuntu Security Notification for QEMU Vulnerabilities (USN-5307-1)
- 502168 Alpine Linux Security Update for qemu
- 502353 Alpine Linux Security Update for qemu
- 671198 EulerOS Security Update for qemu (EulerOS-SA-2022-1034)
- 671203 EulerOS Security Update for qemu (EulerOS-SA-2022-1014)
- 710604 Gentoo Linux QEMU Multiple Vulnerabilities (GLSA 202208-27)
- 750338 OpenSUSE Security Update for qemu (openSUSE-SU-2021:0363-1)
- 900236 CBL-Mariner Linux Security Update for qemu-kvm 4.2.0
- 902907 Common Base Linux Mariner (CBL-Mariner) Security Update for qemu-kvm (3915)
