CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
EPSS
Percentile
14.2%
An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This
issue occurs while processing transmits (tx) descriptors in process_tx_desc
if various descriptor fields are initialized with invalid values. This flaw
allows a guest to consume CPU cycles on the host, resulting in a denial of
service. The highest threat from this vulnerability is to system
availability.
launchpad.net/bugs/cve/CVE-2021-20257
lists.gnu.org/archive/html/qemu-devel/2021-02/msg03595.html
nvd.nist.gov/vuln/detail/CVE-2021-20257
security-tracker.debian.org/tracker/CVE-2021-20257
ubuntu.com/security/notices/USN-5010-1
www.cve.org/CVERecord?id=CVE-2021-20257
www.openwall.com/lists/oss-security/2021/02/25/2
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
EPSS
Percentile
14.2%