CVE-2021-20203

CVE-2021-20203

Name

CVE-2021-20203

Description

An integer overflow issue was found in the vmxnet3 NIC emulator of the QEMU for versions up to v5.2.0. It may occur if a guest was to supply invalid values for rx/tx queue size or other NIC parameters. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in DoS scenario.

NVD Severity

low

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Issue Tracking	https://bugzilla.redhat.com/show_bug.cgi?id=1922441
Exploit	https://bugs.launchpad.net/qemu/+bug/1913873
MLIST	https://lists.debian.org/debian-lts-announce/2021/04/msg00009.html

Type

URI

Issue Tracking

https://bugzilla.redhat.com/show_bug.cgi?id=1922441

Exploit

https://bugs.launchpad.net/qemu/+bug/1913873

MLIST

https://lists.debian.org/debian-lts-announce/2021/04/msg00009.html

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:qemu:qemu::::::::`	qemu	>= None	<= 5.2.0

CPE URI

Source package

Min version

Max version

cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*

qemu

>= None

<= 5.2.0

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
qemu	3.13-community	5.2.0-r3	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
qemu	3.10-main	4.0.1-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
qemu	3.15-community	6.1.1-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed

Source package

Branch

Version

Maintainer

Status

qemu

3.13-community

5.2.0-r3

Natanael Copa <ncopa@alpinelinux.org>

possibly vulnerable

qemu

3.10-main