6
CVE-2021-3416
- EPSS 0%
- Published 18.03.2021 20:15:13
- Last modified 21.11.2024 06:21:27
- Source secalert@redhat.com
- Teams watchlist Login
- Open Login
A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. The issue occurs in loopback mode of a NIC wherein reentrant DMA checks get bypassed. A guest user/process may use this flaw to consume CPU cycles or crash the QEMU process on the host resulting in DoS scenario.
Data is provided by the National Vulnerability Database (NVD)
Fedoraproject ≫ Fedora Version33
Redhat ≫ Enterprise Linux Version6.0
Redhat ≫ Enterprise Linux Version7.0
Redhat ≫ Enterprise Linux Version8.0 SwEdition-
Redhat ≫ Enterprise Linux Version8.0 SwEditionadvanced_virtualization
Debian ≫ Debian Linux Version9.0
Debian ≫ Debian Linux Version10.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0% | 0.001 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 6 | 1.5 | 4 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
|
| nvd@nist.gov | 2.1 | 3.9 | 2.9 |
AV:L/AC:L/Au:N/C:N/I:N/A:P
|
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.