Launchpad.net

CVE 2021-20203

An integer overflow issue was found in the vmxnet3 NIC emulator of the QEMU for versions up to v5.2.0. It may occur if a guest was to supply invalid values for rx/tx queue size or other NIC parameters. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in DoS scenario.

Related bugs and status

CVE-2021-20203 (Candidate) is related to these bugs:

Bug #1913873: QEMU: net: vmxnet: integer overflow may crash guest

Summary				In	Importance	Status
	1913873	QEMU: net: vmxnet: integer overflow may crash guest		QEMU	Undecided	Expired

Bug #1953338: [UBUNTU 20.04] KVM hardware diagnose data improvements for guest kernel - qemu part

		In	Importance	Status
1953338	[UBUNTU 20.04] KVM hardware diagnose data improvements for guest kernel - qemu part	qemu (Ubuntu)	Undecided	Fix Released
1953338	[UBUNTU 20.04] KVM hardware diagnose data improvements for guest kernel - qemu part	Ubuntu on IBM z Systems	High	Fix Released
1953338	[UBUNTU 20.04] KVM hardware diagnose data improvements for guest kernel - qemu part	qemu (Ubuntu Focal)	Undecided	Fix Released

Bug #1959984: [22.04 FEAT] KVM: Allow long kernel command lines for QEMU

Summary				In	Importance	Status
	1959984	[22.04 FEAT] KVM: Allow long kernel command lines for QEMU		qemu (Ubuntu)	High	Fix Released
	1959984	[22.04 FEAT] KVM: Allow long kernel command lines for QEMU		Ubuntu on IBM z Systems	High	Fix Released

Bug #2038888: [Debian] High CVE: CVE-2020-14394/CVE-2021-20196/.../CVE-2023-3301/CVE-2023-3354 qemu: multiple CVEs

Summary				In	Importance	Status
	2038888	[Debian] High CVE: CVE-2020-14394/CVE-2021-20196/.../CVE-2023-3301/CVE-2023-3354 qemu: multiple CVEs		StarlingX	High	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2021-20203

Related bugs and status

Related bugs

References