Bug 773220 (CVE-2021-20203, CVE-2021-20255, CVE-2021-20257, CVE-2021-3416) - app-emulation/qemu: privileged guest user can cause host DoS (CVE-2021-{3416,20203,20255,20257})
Summary: app-emulation/qemu: privileged guest user can cause host DoS (CVE-2021-{3416,...
Alias: CVE-2021-20203, CVE-2021-20255, CVE-2021-20257, CVE-2021-3416
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
Whiteboard: B3 [upstream]
Depends on:
Reported: 2021-02-27 02:38 UTC by John Helmert III
Modified: 2021-04-04 19:35 UTC

See Also:
Package list:
Runtime testing required: ---


Description John Helmert III gentoo-dev Security 2021-02-27 02:38:51 UTC

An integer overflow issue was found in the vmxnet3 NIC emulator of QEMU for versions up to v5.2.0. It may occur if a guest were to supply invalid values for the rx/tx queue size or other NIC parameters. A privileged guest user may use this flaw to crash the QEMU process on the host, resulting in a DoS scenario.

Looks like no fix yet.
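The bug class described above (a device model computing a buffer length from guest-written register values without checking for wraparound) is illustrated below with an added example. This is not QEMU's vmxnet3 code and not part of the bug report; the ring constants, the `validate_ring` and `naive_ring_bytes` functions and the guest memory size are hypothetical, chosen only to show the unchecked 'before' pattern beside an overflow-safe check.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical limits for a virtual NIC's descriptor ring (constructed for
 * this example; these are not QEMU's vmxnet3 constants). */
#define RING_DESC_SIZE   16u                       /* bytes per descriptor */
#define RING_MAX_DESCS   4096u                     /* largest ring the model allows */
#define GUEST_MEM_SIZE   (64u * 1024u * 1024u)     /* emulated guest RAM, hypothetical */

/* Outcome of validating a guest-written ring configuration. */
typedef enum {
    RING_OK = 0,
    RING_ERR_ZERO,        /* zero-length ring: index arithmetic would wrap */
    RING_ERR_TOO_LARGE,   /* exceeds the device model's documented maximum */
    RING_ERR_OVERFLOW,    /* a size or address computation would wrap */
    RING_ERR_OUT_OF_GPA   /* ring would extend past emulated guest memory */
} ring_status;

/* The unchecked 'before' pattern: the byte length is computed in 32-bit
 * arithmetic from a guest-controlled count, so a large count wraps the
 * product to a small value and a later bounds check is satisfied. */
uint32_t naive_ring_bytes(uint32_t nentries)
{
    return nentries * RING_DESC_SIZE;   /* wraps to 0 for nentries == 2^28 */
}

/* Hardened check. base is a guest-physical address and nentries the number
 * of descriptors; both come from guest-writable registers, so no arithmetic
 * on them is allowed to wrap. On success the ring length in bytes is
 * returned through out_bytes (may be NULL). */
ring_status validate_ring(uint64_t base, uint32_t nentries, uint64_t *out_bytes)
{
    uint64_t bytes, end;

    if (nentries == 0)
        return RING_ERR_ZERO;
    if (nentries > RING_MAX_DESCS)
        return RING_ERR_TOO_LARGE;

    /* Overflow-checked multiply in 64-bit; the cap above already makes this
     * safe, the builtin keeps it safe if the cap is ever raised. */
    if (__builtin_mul_overflow((uint64_t)nentries, (uint64_t)RING_DESC_SIZE, &bytes))
        return RING_ERR_OVERFLOW;

    /* The end address must be computed without wrapping as well: a base near
     * the top of the address space plus a small length must not pass. */
    if (__builtin_add_overflow(base, bytes, &end))
        return RING_ERR_OVERFLOW;
    if (end > GUEST_MEM_SIZE)
        return RING_ERR_OUT_OF_GPA;

    if (out_bytes)
        *out_bytes = bytes;
    return RING_OK;
}
```

The two checks that matter for detection are the explicit maximum and the overflow-checked end-address computation; a device model that accepts a register write, stores it, and only derives lengths from it later should validate at write time, so that a rejected value never reaches the DMA path.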
Comment 1 John Helmert III gentoo-dev Security 2021-02-27 04:00:11 UTC
A few others triggerable by guests.

CVE-2021-20255: infinite recursion in eepro100 i8255x device emulator

Possible patch:

CVE-2021-20257: infinite loop in e1000 NIC emulator.
Possible patch:

CVE-2021-3416: infinite loops in various NIC emulators.
Possible patch:
Comment 2 Matthias Maier gentoo-dev 2021-04-04 19:35:28 UTC
The proposed patches are quite nontrivial. We have to wait for upstream to assess the situation.

One patch landed upstream so far:

commit 3de46e6fc489c52c9431a8a832ad8170a7569bd8
Author: Jason Wang <>
Date:   Wed Feb 24 13:45:28 2021 +0800

    e1000: fail early for evil descriptor