CVE-2021-20257 vulnerability in Canonical and Other Products
Published on March 16, 2022
An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits (tx) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
Weakness Type
What is an Infinite Loop Vulnerability?
The program contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop. If the loop can be influenced by an attacker, this weakness could allow attackers to consume excessive resources such as CPU or memory.
CVE-2021-20257 has been classified to as an Infinite Loop vulnerability or weakness.
Products Associated with CVE-2021-20257
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2021-20257 are published in these products:
Exploit Probability
EPSS
0.08%
Percentile
22.65%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.