CVE-2020-25625 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	No
Type	Denial of service
Description	An infinite loop issue was found in the USB OHCI controller emulator of QEMU before version 5.2.0. It could occur while servicing OHCI isochronous transfer descriptors (TD) in ohci_service_iso_td routine, as it retires a TD if it has passed its time frame. While doing so it does not check if the TD was already processed ones and holds an error code in TD_CC. It may happen if the TD list has a loop. A guest user/process may use this flaw to consume cpu cycles on the host resulting in a DoS scenario.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-1300	qemu	5.1.0-3	5.2.0-1	Medium	Fixed	FS#68356

Date	Advisory	Group	Package	Severity	Type
16 Dec 2020	ASA-202012-26	AVG-1300	qemu	Medium	multiple issues

References
https://www.openwall.com/lists/oss-security/2020/09/17/1 https://git.qemu.org/?p=qemu.git;a=commitdiff;h=1be90ebecc95b09a2ee5af3f60c412b45a766c4f