CVE-2020-14364 log

Severity Medium
Remote No
Type Arbitrary code execution
An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice 'setup_len' exceeds its 'data_buf[4096]' in the do_token_in, do_token_out routines. This flaw allows a guest user to crash the QEMU process, resulting in a denial of service, or the potential execution of arbitrary code with the privileges of the QEMU process on the host.
Group Package Affected Fixed Severity Status Ticket
AVG-1300 qemu 5.1.0-3 5.2.0-1 Medium Fixed FS#68356
Date Advisory Group Package Severity Type
16 Dec 2020 ASA-202012-26 AVG-1300 qemu Medium multiple issues