Lucene search

K
ubuntucveUbuntu.comUB:CVE-2021-20257
HistoryFeb 23, 2021 - 12:00 a.m.

CVE-2021-20257

2021-02-2300:00:00
ubuntu.com
ubuntu.com
31
e1000 nic emulator
qemu
denial of service
system availability

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

CVSS3

6.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

EPSS

0

Percentile

14.2%

An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This
issue occurs while processing transmits (tx) descriptors in process_tx_desc
if various descriptor fields are initialized with invalid values. This flaw
allows a guest to consume CPU cycles on the host, resulting in a denial of
service. The highest threat from this vulnerability is to system
availability.

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchqemu< 1:2.11+dfsg-1ubuntu7.37UNKNOWN
ubuntu20.04noarchqemu< 1:4.2-3ubuntu6.17UNKNOWN
ubuntu20.10noarchqemu< 1:5.0-5ubuntu9.9UNKNOWN
ubuntu14.04noarchqemu< anyUNKNOWN
ubuntu16.04noarchqemu< anyUNKNOWN

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

CVSS3

6.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

EPSS

0

Percentile

14.2%