Attacker Value
Unknown
(1 user assessed)
Exploitability
Unknown
(1 user assessed)
User Interaction
None
Privileges Required
Low
Attack Vector
Local
1

CVE-2021-20257

Disclosure Date: March 16, 2022
CVE-2021-20257 CVSS v3 Base Score: 6.5
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits (tx) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.

Add Assessment

2
Technical Analysis

Security issues have been identified in Citrix Hypervisor 8.2 LTSR, each of which may allow privileged code in a guest VM to cause the host to crash or become unresponsive. These issues only affect Citrix Hypervisor 8.2 LTSR.

Source: https://support.citrix.com/article/CTX316325

Log in to Add Reply
CVSS V3 Severity and Metrics
Base Score:
6.5 Medium
Impact Score:
4
Exploitability Score:
2
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Attack Vector (AV):
Local
Attack Complexity (AC):
Low
Privileges Required (PR):
Low
User Interaction (UI):
None
Scope (S):
Changed
Confidentiality (C):
None
Integrity (I):
None
Availability (A):
High

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
QEMU Fixed-In v6.2.0
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • debian,
  • fedoraproject,
  • qemu,
  • redhat

Products

  • codeready linux builder -,
  • debian linux 10.0,
  • enterprise linux 6.0,
  • enterprise linux 8.0,
  • enterprise linux for ibm z systems 8.0,
  • enterprise linux for power little endian 8.0,
  • fedora 33,
  • openstack platform 10.0,
  • openstack platform 13.0,
  • qemu
Technical Analysis