Date: Thu, 25 Feb 2021 16:58:53 +0530 (IST) From: P J P <ppandit@...hat.com> To: oss security list <oss-security@...ts.openwall.com> cc: Ruhr-University Bochum <bugs-syssec@....de>, Cheolwoo Myung <cwmyung@....ac.kr>, Alexander Bulekov <alxndr@...edu> Subject: CVE-2021-20257 QEMU: net: e1000: infinite loop while processing transmit descriptors Hello, An infinite loop issue was found in the e1000 NIC emulator of the QEMU. It occurs while processing transmit (tx) descriptors in process_tx_desc, if various descriptor fields are initialised with invalid values. A guest may use this flaw to consume cpu cycles on the host resulting in DoS scenario. Upstream patch: --------------- -> https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg07428.html 'CVE-2021-20257' assigned by Red Hat Inc. This issue was independently reported by Sergej Schumilo, Cornelius Aschermann, Simon Werner of Ruhr-University Bochum; Cheolwoo Myung of Seoul National University; And Alexander Bulekov (CC'd). Thank you. -- Prasad J Pandit / Red Hat Product Security Team 8685 545E B54C 486B C6EB 271E E285 8B5A F050 DE8D
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.