CVE-2021-3416
6.0 MEDIUMA potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0
Published: 2021-03-18 · Last updated: 2026-06-17
Severity and scoring
- CVSS
- 6.0 MEDIUM
- Vector
- CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
- CWE
- CWE-835
Affected products
| Vendor | Product |
|---|---|
| debian | debian_linux, enterprise_linux, fedora |
| fedoraproject | debian_linux, enterprise_linux, fedora |
| qemu | debian_linux, enterprise_linux, fedora |
| redhat | debian_linux, enterprise_linux, fedora |
Description
A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. The issue occurs in loopback mode of a NIC wherein reentrant DMA checks get bypassed. A guest user/process may use this flaw to consume CPU cycles or crash the QEMU process on the host resulting in DoS scenario.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2021-3416
- [Patch]https://bugzilla.redhat.com/show_bug.cgi?id=1932827
- [Other]https://lists.debian.org/debian-lts-announce/2021/04/msg00009.html
- [Other]https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html
- [Other]https://security.gentoo.org/glsa/202208-27
- [Other]https://security.netapp.com/advisory/ntap-20210507-0002/
- [Patch]https://www.openwall.com/lists/oss-security/2021/02/26/1
- [Patch]https://bugzilla.redhat.com/show_bug.cgi?id=1932827
- [Other]https://lists.debian.org/debian-lts-announce/2021/04/msg00009.html
- [Other]https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html
- [Other]https://security.gentoo.org/glsa/202208-27
- [Other]https://security.netapp.com/advisory/ntap-20210507-0002/
- [Patch]https://www.openwall.com/lists/oss-security/2021/02/26/1
Related CVEs
Same vendor
- CVE-2026-1767 — A flaw was found in the GNOME localsearch (previously known as tracker-miners) MP3 Extractor `tracker-extract-mp3` component (5.6 MEDIUM)
- CVE-2026-1766 — A flaw was found in GNOME localsearch (previously known as tracker-miners) MP3 Extractor, specifically within the tracker-extract-mp3 com... (5.6 MEDIUM)
- CVE-2026-11793 — A stack buffer overflow flaw was found in 389 Directory Server (4.9 MEDIUM)
- CVE-2026-11790 — A flaw was found in 389 Directory Server (4.9 MEDIUM)
- CVE-2026-11789 — A flaw was found in 389 Directory Server (4.9 MEDIUM)
Same CWE
- CVE-2026-48733 — ImageMagick is free and open-source software used for editing and manipulating digital images (4.7 MEDIUM)
- CVE-2026-46521 — ImageMagick is free and open-source software used for editing and manipulating digital images (5.5 MEDIUM)
- CVE-2026-46522 — ImageMagick is free and open-source software used for editing and manipulating digital images (7.5 HIGH)
- CVE-2026-49495 — Ghidra 10.2 before 12.1 contains an uncontrolled resource consumption vulnerability in ExportTrie.parseTrie() that lacks cycle detection ... (5.5 MEDIUM)
- CVE-2025-71330 — image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event l... (7.5 HIGH)