CVE-2020-25624 log

Source
Severity Medium
Remote No
Type Arbitrary code execution
Description
A flaw was found in QEMU before version 5.2.0. An out-of-bounds read/write access issue was found in the USB OHCI controller emulator. The issue could occur while servicing transfer descriptors (TD), as OHCI controller derives variables 'start_addr', 'end_addr', and 'len' from values supplied by the host controller driver. The host controller driver may supply values such that using these variables leads to an out-of-bounds access issue leading to a guest user/process using this flaw to crash the QEMU process on the host resulting in a denial of service (DoS) scenario. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Group Package Affected Fixed Severity Status Ticket
AVG-1300 qemu 5.1.0-3 5.2.0-1 Medium Fixed FS#68356
Date Advisory Group Package Severity Type
16 Dec 2020 ASA-202012-26 AVG-1300 qemu Medium multiple issues
References
https://git.qemu.org/?p=qemu.git;a=commitdiff;h=1328fe0c32d5474604105b8105310e944976b058