Home > Vulnerability Database > CVE-2021-3416

Mend.io Vulnerability Database

CVE-2021-3416

Date: March 18, 2021

A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. The issue occurs in loopback mode of a NIC wherein reentrant DMA checks get bypassed. A guest user/process may use this flaw to consume CPU cycles or crash the QEMU process on the host resulting in DoS scenario.

Language: C

Severity Score

6.0

Related Resources (24)

Url: https://access.redhat.com/errata/RHSA-2021:3061

Url: https://github.com/qemu/qemu/commit/8c92060d3c0248bd4d515719a35922cd2391b9b4

Url: https://github.com/qemu/qemu/commit/5311fb805a4403bba024e83886fa0e7572265de4

Url: https://github.com/qemu/qemu/commit/331d2ac9ea307c990dc86e6493e8f0c48d14bb33

Url: https://github.com/qemu/qemu/commit/1caff0340f49c93d535c6558a5138d20d475315c

Url: https://security.gentoo.org/glsa/202208-27

Url: https://github.com/qemu/qemu/commit/8c552542b81e56ff532dd27ec6e5328954bdda73

Url: https://access.redhat.com/security/cve/CVE-2021-3416

Url: https://github.com/qemu/qemu/commit/99ccfaa1edafd79f7a3a0ff7b58ae4da7c514928

Url: https://github.com/qemu/qemu/commit/e73adfbeec9d4e008630c814759052ed945c3fed

Url: https://github.com/qemu/qemu/commit/705df5466c98f3efdd2b68d3b31dad86858acad7

Url: https://access.redhat.com/errata/RHSA-2021:3703

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-3416

Url: https://lists.debian.org/debian-lts-announce/2021/04/msg00009.html

Url: https://security.netapp.com/advisory/ntap-20210507-0002/

Url: https://github.com/qemu/qemu/commit/37cee01784ff0df13e5209517e1b3594a5e792d1

Url: https://www.openwall.com/lists/oss-security/2021/02/26/1

Url: https://security-tracker.debian.org/tracker/CVE-2021-3416

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3416

Url: https://bugzilla.redhat.com/show_bug.cgi?id=1932827

Url: https://github.com/qemu/qemu/commit/26194a58f4eb83c5bdf4061a1628508084450ba1

Url: https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html

Url: https://security.alpinelinux.org/vuln/CVE-2021-3416

Url: https://www.mend.io/vulnerability-database/CVE-2021-3416

Severity Score

6.0

Weakness Type (CWE)

Loop with Unreachable Exit Condition ('Infinite Loop')

CWE-835

CVSS v3.1

Base Score:	6.0
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

CVSS v2

Base Score:	2.1
Access Vector (AV):	LOCAL
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2021-3416

Date: March 18, 2021

Language: C

Severity Score

Related Resources (24)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?