A stack overflow via infinite recursion issue was found in the eepro100 i8255x device emulator of QEMU. It could occur while processing controller commands due to DMA re-entrancy issue. A guest user/process may use this flaw to consume cpu cycles or crash the QEMU process on the host resulting in DoS scenario. Upstream patch: --------------- -> https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg06098.html
Acknowledgments: Name: Sergej Schumilo (Ruhr-University Bochum), Cornelius Aschermann (Ruhr-University Bochum), Simon Werner (Ruhr-University Bochum)
External References: https://www.openwall.com/lists/oss-security/2021/02/25/1 https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Feepro100_stackoverflow1
Created qemu tracking bugs for this issue: Affects: fedora-all [bug 1930647] Created xen tracking bugs for this issue: Affects: fedora-all [bug 1930648]
Statement: This issue does not affect the version of the qemu-kvm package shipped with Red Hat Enterprise Linux 7 and 8. This issue has been rated as having Low security impact and is not currently planned to be addressed in future updates of the Red Hat Enterprise Linux 6. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.