Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2021-20255

A stack overflow via an infinite recursion vulnerability was found in the eepro100 i8255x device emulator of QEMU. This issue occurs while processing controller commands due to a DMA reentry issue. This flaw allows a guest user or process to consume CPU cycles or crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.

Related bugs and status

CVE-2021-20255 (Candidate) is related to these bugs:

Bug #1959984: [22.04 FEAT] KVM: Allow long kernel command lines for QEMU

Summary				In	Importance	Status
	1959984	[22.04 FEAT] KVM: Allow long kernel command lines for QEMU		qemu (Ubuntu)	High	Fix Released
	1959984	[22.04 FEAT] KVM: Allow long kernel command lines for QEMU		Ubuntu on IBM z Systems	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: https://bugzilla.redha...
MISC: https://ruhr-uni-bochu...
MISC: https://www.openwall.c...
MISC: https://lists.debian.o...
MISC: https://security.netap...