CVE-2021-20255

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
09/03/2021
Last modified:
05/08/2022

Description

A stack overflow via an infinite recursion vulnerability was found in the eepro100 i8255x device emulator of QEMU. This issue occurs while processing controller commands due to a DMA reentry issue. This flaw allows a guest user or process to consume CPU cycles or crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*