CVE-2020-14394 log

Severity Low
Remote No
Type Denial of service
An infinite loop issue was found in the USB xHCI controller emulation of QEMU. Specifically, function xhci_ring_chain_length() in hw/usb/hcd-xhci.c may get stuck while fetching TRBs from guest memory, since the exit conditions of the loop depend on values that are fully controlled by guest. A privileged guest user may exploit this issue to hang the QEMU process on the host, resulting in a denial of service.
Group Package Affected Fixed Severity Status Ticket
AVG-1898 qemu 6.1.0-5 Medium Unknown