CVE-2021-20257

QEMU: net: e1000: infinite loop while processing transmit descriptors

Severity Score

6.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits (tx) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.

Se ha encontrado un fallo de bucle infinito en el emulador NIC e1000 de QEMU. Este problema se produce mientras son procesados descriptores de transmisión (tx) en la función process_tx_desc si varios campos del descriptor son inicializados con valores no válidos. Este fallo permite a un huésped consumir ciclos de CPU en el host, resultando en una denegación de servicio. La mayor amenaza de esta vulnerabilidad es la disponibilidad del sistema

An update that solves 15 vulnerabilities and has two fixes is now available. This update for qemu fixes the following issues. Fixed OOB access in sm501 device emulation. Fixed use-after-free in usb xhci packet handling. Fixed use-after-free in usb ehci packet handling. Fixed infinite loop in usb hcd-ohci emulation. Fixed OOB access in usb hcd-ohci emulation. Fixed guest triggerable assert in shared network handling code. Fixed infinite loop in e1000e device emulation. Fixed OOB access in atapi emulation. Fixed heap overflow in MSIx emulation. Fixed null pointer deref. In mmio ops. Fixed infinite loop in e1000 device emulation. Fixed OOB access in rtl8139 NIC emulation. Fixed OOB access in other NIC emulations. Fixed OOB access in ati-vga emulation. Fixed OOB access in SLIRP ARP/NCSI packet processing directories and log files SLE15-SP3, and openSUSE equivalents This update was imported from the SUSE:SLE-15-SP2:Update update project.

*Credits: N/A

CVSS Scores

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Changed

Confidentiality

None

Integrity

None

Availability

Low

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2020-12-17 CVE Reserved
2021-04-23 CVE Published
2024-08-03 CVE Updated
2025-04-03 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')

CAPEC

References (8)

URL	Tag	Source
https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html	Mailing List
https://security.netapp.com/advisory/ntap-20220425-0003	Third Party Advisory

URL	Date	SRC

URL	Date	SRC
https://bugzilla.redhat.com/show_bug.cgi?id=1930087	2022-01-11
https://github.com/qemu/qemu/commit/3de46e6fc489c52c9431a8a832ad8170a7569bd8	2023-02-12
https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg07428.html	2023-02-12
https://www.openwall.com/lists/oss-security/2021/02/25/2	2023-02-12

URL	Date	SRC
https://security.gentoo.org/glsa/202208-27	2023-02-12
https://access.redhat.com/security/cve/CVE-2021-20257	2022-01-11

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Redhat Search vendor "Redhat"	Codeready Linux Builder Search vendor "Redhat" for product "Codeready Linux Builder"	-	-	Affected	in	Redhat Search vendor "Redhat"	Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"	8.0 Search vendor "Redhat" for product "Enterprise Linux" and version "8.0"	-	Safe
Redhat Search vendor "Redhat"	Codeready Linux Builder Search vendor "Redhat" for product "Codeready Linux Builder"	-	-	Affected	in	Redhat Search vendor "Redhat"	Enterprise Linux For Ibm Z Systems Search vendor "Redhat" for product "Enterprise Linux For Ibm Z Systems"	8.0 Search vendor "Redhat" for product "Enterprise Linux For Ibm Z Systems" and version "8.0"	-	Safe
Redhat Search vendor "Redhat"	Codeready Linux Builder Search vendor "Redhat" for product "Codeready Linux Builder"	-	-	Affected	in	Redhat Search vendor "Redhat"	Enterprise Linux For Power Little Endian Search vendor "Redhat" for product "Enterprise Linux For Power Little Endian"	8.0 Search vendor "Redhat" for product "Enterprise Linux For Power Little Endian" and version "8.0"	-	Safe
Qemu Search vendor "Qemu"		Qemu Search vendor "Qemu" for product "Qemu"				< 6.2.0 Search vendor "Qemu" for product "Qemu" and version " < 6.2.0"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				33 Search vendor "Fedoraproject" for product "Fedora" and version "33"		-		Affected
Redhat Search vendor "Redhat"		Openstack Platform Search vendor "Redhat" for product "Openstack Platform"				10.0 Search vendor "Redhat" for product "Openstack Platform" and version "10.0"		-		Affected
Redhat Search vendor "Redhat"		Openstack Platform Search vendor "Redhat" for product "Openstack Platform"				13.0 Search vendor "Redhat" for product "Openstack Platform" and version "13.0"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"				6.0 Search vendor "Redhat" for product "Enterprise Linux" and version "6.0"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"				8.0 Search vendor "Redhat" for product "Enterprise Linux" and version "8.0"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"				8.0 Search vendor "Redhat" for product "Enterprise Linux" and version "8.0"		advanced_virtualization		Affected
Redhat Search vendor "Redhat"		Enterprise Linux For Ibm Z Systems Search vendor "Redhat" for product "Enterprise Linux For Ibm Z Systems"				8.0 Search vendor "Redhat" for product "Enterprise Linux For Ibm Z Systems" and version "8.0"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux For Power Little Endian Search vendor "Redhat" for product "Enterprise Linux For Power Little Endian"				8.0 Search vendor "Redhat" for product "Enterprise Linux For Power Little Endian" and version "8.0"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0"		-		Affected