Debian Long Term Support / LTS Security Information / 2021 / Security Information -- DLA-2623-1 qemu

Debian Security Advisory

DLA-2623-1 qemu -- LTS security update

Date Reported:

10 Apr 2021

Affected Packages:

qemu

Vulnerable:

Yes

Security database references:

In the Debian bugtracking system: Bug 984450, Bug 984451, Bug 984452, Bug 984448, Bug 984449, Bug 970937.
In Mitre's CVE dictionary: CVE-2020-17380, CVE-2021-3392, CVE-2021-3409, CVE-2021-3416, CVE-2021-20203, CVE-2021-20255, CVE-2021-20257.

More information:

Several security vulnerabilities have been discovered in QEMU, a fast processor emulator.

• CVE-2021-20257

  net: e1000: infinite loop while processing transmit descriptors

• CVE-2021-20255

  A stack overflow via an infinite recursion vulnerability was found in the eepro100 i8255x device emulator of QEMU. This issue occurs while processing controller commands due to a DMA reentry issue. This flaw allows a guest user or process to consume CPU cycles or crash the QEMU process on the host, resulting in a denial of service.

• CVE-2021-20203

  An integer overflow issue was found in the vmxnet3 NIC emulator of the QEMU. It may occur if a guest was to supply invalid values for rx/tx queue size or other NIC parameters. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in DoS scenario.

• CVE-2021-3416

  A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. The issue occurs in loopback mode of a NIC wherein reentrant DMA checks get bypassed. A guest user/process may use this flaw to consume CPU cycles or crash the QEMU process on the host resulting in DoS scenario.

• CVE-2021-3416

  The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective, thus making QEMU vulnerable to the out-of-bounds read/write access issues previously found in the SDHCI controller emulation code. This flaw allows a malicious privileged guest to crash the QEMU process on the host, resulting in a denial of service or potential code execution.

For Debian 9 stretch, these problems have been fixed in version 1:2.8+dfsg-6+deb9u14.

We recommend that you upgrade your qemu packages.

For the detailed security status of qemu please refer to its security tracker page at: https://security-tracker.debian.org/tracker/qemu

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS