CVE-2020-25723 - OpenCVE

A reachable assertion issue was found in the USB EHCI emulation code of QEMU. It could occur while processing USB requests due to missing handling of DMA memory map failure. A malicious privileged user within the guest may abuse this flaw to send bogus USB requests and crash the QEMU process on the host, resulting in a denial of service.

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:L/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Debian	Debian Linux
Qemu	Qemu

Configuration 1 [-]

cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

References

Link	Resource
http://www.openwall.com/lists/oss-security/2020/12/22/1	Mailing List Patch Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1898579	Issue Tracking Patch Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html	Mailing List Third Party Advisory
https://security.netapp.com/advisory/ntap-20201218-0004/	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2020-12-02T00:52:10

Updated: 2022-09-05T05:06:34

Reserved: 2020-09-16T00:00:00

Link: CVE-2020-25723

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-12-02T01:15:12.733

Modified: 2022-09-30T19:19:34.610

Link: CVE-2020-25723

JSON object: View

Redhat Information

No data.

CWE

CWE-617

{"containers": {"cna": {"affected": [{"product": "QEMU", "vendor": "n/a", "versions": [{"status": "affected", "version": "qemu 5.2.0"}]}], "descriptions": [{"lang": "en", "value": "A reachable assertion issue was found in the USB EHCI emulation code of QEMU. It could occur while processing USB requests due to missing handling of DMA memory map failure. A malicious privileged user within the guest may abuse this flaw to send bogus USB requests and crash the QEMU process on the host, resulting in a denial of service."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-617", "description": "CWE-617", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-09-05T05:06:34", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898579"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20201218-0004/"}, {"name": "[oss-security] 20201222 CVE-2020-25723 QEMU: assertion failure through usb_packet_unmap() in hw/usb/hcd-ehci.c", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2020/12/22/1"}, {"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2020-25723", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "QEMU", "version": {"version_data": [{"version_value": "qemu 5.2.0"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A reachable assertion issue was found in the USB EHCI emulation code of QEMU. It could occur while processing USB requests due to missing handling of DMA memory map failure. A malicious privileged user within the guest may abuse this flaw to send bogus USB requests and crash the QEMU process on the host, resulting in a denial of service."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-617"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1898579", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898579"}, {"name": "https://security.netapp.com/advisory/ntap-20201218-0004/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20201218-0004/"}, {"name": "[oss-security] 20201222 CVE-2020-25723 QEMU: assertion failure through usb_packet_unmap() in hw/usb/hcd-ehci.c", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2020/12/22/1"}, {"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"}]}}}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2020-25723", "datePublished": "2020-12-02T00:52:10", "dateReserved": "2020-09-16T00:00:00", "dateUpdated": "2022-09-05T05:06:34", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*", "matchCriteriaId": "37A49175-42F7-433A-82A0-59D9A969E731", "versionEndIncluding": "5.1.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A reachable assertion issue was found in the USB EHCI emulation code of QEMU. It could occur while processing USB requests due to missing handling of DMA memory map failure. A malicious privileged user within the guest may abuse this flaw to send bogus USB requests and crash the QEMU process on the host, resulting in a denial of service."}, {"lang": "es", "value": "Se encontr\u00f3 un problema de aserci\u00f3n alcanzable en el c\u00f3digo de emulaci\u00f3n USB EHCI de QEMU. Podr\u00eda ocurrir mientras se procesan las peticiones USB debido a una falta de manejo del fallo del mapa de memoria DMA. Un usuario privilegiado malicioso dentro del invitado puede abusar de este fallo para enviar peticiones USB falsas y bloquear el proceso QEMU en el host, resultando en una denegaci\u00f3n de servicio"}], "id": "CVE-2020-25723", "lastModified": "2022-09-30T19:19:34.610", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.2, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.5, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-12-02T01:15:12.733", "references": [{"source": "secalert@redhat.com", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2020/12/22/1"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898579"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20201218-0004/"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-617"}], "source": "secalert@redhat.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-617"}], "source": "nvd@nist.gov", "type": "Secondary"}]}