CVE-2020-14394 log
Source |
|
Severity | Low |
Remote | No |
Type | Denial of service |
Description | An infinite loop issue was found in the USB xHCI controller emulation of QEMU. Specifically, function xhci_ring_chain_length() in hw/usb/hcd-xhci.c may get stuck while fetching TRBs from guest memory, since the exit conditions of the loop depend on values that are fully controlled by guest. A privileged guest user may exploit this issue to hang the QEMU process on the host, resulting in a denial of service. |
Group | Package | Affected | Fixed | Severity | Status | Ticket |
---|---|---|---|---|---|---|
AVG-1898 | qemu | 6.1.0-5 | Medium | Unknown |
References |
---|
https://bugzilla.redhat.com/show_bug.cgi?id=1908004 |