An infinite loop flaw was found in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Block (TRB) Ring. This flaw allows a privileged guest user to hang the QEMU process on the host, resulting in a denial of service.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1908004 | Exploit Issue Tracking Third Party Advisory |
https://gitlab.com/qemu-project/qemu/-/issues/646 | Exploit Issue Tracking Patch Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2023/03/msg00013.html | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I7J5IRXJYLELW7D43A75LOWRUE5EU54O/ |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2022-08-17T00:00:00
Updated: 2023-03-14T00:00:00
Reserved: 2020-06-17T00:00:00
Link: CVE-2020-14394
JSON object: View
NVD Information
Status : Modified
Published: 2022-08-17T21:15:07.913
Modified: 2023-11-07T03:17:13.193
Link: CVE-2020-14394
JSON object: View
Redhat Information
No data.
CWE