CVE-2020-14394 - OpenCVE

An infinite loop flaw was found in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Block (TRB) Ring. This flaw allows a privileged guest user to hang the QEMU process on the host, resulting in a denial of service.

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Redhat	Enterprise Linux Openstack Platform
Fedoraproject	Extra Packages For Enterprise Linux Fedora
Qemu	Qemu

Configuration 1 [-]

cpe:2.3:a:qemu:qemu:6.1.50:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:7.0:::::::*
	cpe:2.3:o:fedoraproject:fedora:33:::::::*
	cpe:2.3:o:fedoraproject:fedora:37:::::::*

Configuration 3 [-]

OR	cpe:2.3:a:redhat:openstack_platform:10.0:::::::*
	cpe:2.3:a:redhat:openstack_platform:13.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:5.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*

References

Link	Resource
https://bugzilla.redhat.com/show_bug.cgi?id=1908004	Exploit Issue Tracking Third Party Advisory
https://gitlab.com/qemu-project/qemu/-/issues/646	Exploit Issue Tracking Patch Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/03/msg00013.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I7J5IRXJYLELW7D43A75LOWRUE5EU54O/

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2022-08-17T00:00:00

Updated: 2023-03-14T00:00:00

Reserved: 2020-06-17T00:00:00

Link: CVE-2020-14394

JSON object: View

NVD Information

Status : Modified

Published: 2022-08-17T21:15:07.913

Modified: 2023-11-07T03:17:13.193

Link: CVE-2020-14394

JSON object: View

Redhat Information

No data.

CWE

CWE-835

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:qemu:qemu:6.1.50:*:*:*:*:*:*:*", "matchCriteriaId": "66879931-CF82-46ED-B2AF-49FD91D895C6", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "3D9C7598-4BB4-442A-86DF-EEDE041A4CC7", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:openstack_platform:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "542B31BD-5767-4B33-9201-40548D1223B3", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openstack_platform:13.0:*:*:*:*:*:*:*", "matchCriteriaId": "C52600BF-9E87-4CD2-91F3-685AFE478C1E", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "1D8B549B-E57B-4DFE-8A13-CAB06B5356B3", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An infinite loop flaw was found in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Block (TRB) Ring. This flaw allows a privileged guest user to hang the QEMU process on the host, resulting in a denial of service."}, {"lang": "es", "value": "Se ha encontrado un fallo de bucle infinito en la emulaci\u00f3n del controlador USB xHCI de QEMU mientras es calculada la longitud del anillo de petici\u00f3n de transferencia (TRB). Este fallo permite a un usuario invitado privilegiado colgar el proceso de QEMU en el host, resultando en una denegaci\u00f3n de servicio."}], "id": "CVE-2020-14394", "lastModified": "2023-11-07T03:17:13.193", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.2, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.5, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-08-17T21:15:07.913", "references": [{"source": "secalert@redhat.com", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1908004"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://gitlab.com/qemu-project/qemu/-/issues/646"}, {"source": "secalert@redhat.com", "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00013.html"}, {"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I7J5IRXJYLELW7D43A75LOWRUE5EU54O/"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-835"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-835"}], "source": "secalert@redhat.com", "type": "Secondary"}]}