Vulnerabilities > CVE-2021-20257 - Infinite Loop vulnerability in multiple products

047910
CVSS 6.5 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH

Summary

An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits (tx) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.

Vulnerable Configurations

Part Description Count
Application
Qemu
362
Application
Redhat
3
OS
Fedoraproject
1
OS
Redhat
5
OS
Debian
1