CVE-2021-20203 : An integer overflow issue was found in the vmxnet3 NIC emulator of the QEMU for

An integer overflow issue was found in the vmxnet3 NIC emulator of the QEMU for versions up to v5.2.0. It may occur if a guest was to supply invalid values for rx/tx queue size or other NIC parameters. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in DoS scenario.

Published 2021-02-25 20:15:12

Updated 2022-09-30 19:32:38

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: OverflowDenial of service

Products affected by CVE-2021-20203

Debian » Debian Linux » Version: 9.0
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 10.0
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 33
cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
Matching versions
Qemu » Qemu
Versions up to, including, (<=) 5.2.0
cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2021-20203

EPSS FAQ

0.02%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 3 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2021-20203

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
2.1	LOW	AV:L/AC:L/Au:N/C:N/I:N/A:P	3.9	2.9	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial
3.2	LOW	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L	1.5	1.4	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Changed Confidentiality: None Integrity: None Availability: Low

CWE ids for CVE-2021-20203

CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.
Assigned by:
- nvd@nist.gov (Primary)
- secalert@redhat.com (Secondary)

References for CVE-2021-20203

https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html

[SECURITY] [DLA 3099-1] qemu security update
Mailing List;Third Party Advisory

CVEs referencing this url
https://bugzilla.redhat.com/show_bug.cgi?id=1922441

1922441 – (CVE-2021-20203) CVE-2021-20203 qemu: Failed malloc in vmxnet3_activate_device() in hw/net/vmxnet3.c
Issue Tracking;Patch;Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/04/msg00009.html

[SECURITY] [DLA 2623-1] qemu security update
Mailing List;Third Party Advisory

CVEs referencing this url
https://bugs.launchpad.net/qemu/+bug/1913873

Bug #1913873 “QEMU: net: vmxnet: integer overflow may crash gues...” : Bugs : QEMU
Exploit;Patch;Third Party Advisory
https://security.gentoo.org/glsa/202208-27

QEMU: Multiple Vulnerabilities (GLSA 202208-27) — Gentoo security
Third Party Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2021-20203

Products affected by CVE-2021-20203

Exploit prediction scoring system (EPSS) score for CVE-2021-20203

CVSS scores for CVE-2021-20203

CWE ids for CVE-2021-20203

References for CVE-2021-20203