| Titel | CVE-2020-14394 - An infinite loop issue was found in the USB xHCI controller emulation of QEMU |
|---|
| Beschreibung | An infinite loop issue was found in the USB xHCI controller emulation of QEMU. Specifically, function xhci_ring_chain_length() in hw/usb/hcd-xhci.c may get stuck while fetching TRBs from guest memory, since the exit conditions of the loop depend on values that are fully controlled by guest. A privileged guest user may exploit this issue to hang the QEMU process on the host, resulting in a denial of service.
|
|---|
| Quelle | ⚠️ https://bugzilla.redhat.com/show_bug.cgi?id=1908004 |
|---|
| Benutzer | CSieberg (UID 13359) |
|---|
| Einreichung | 13.01.2021 09:36 (vor 5 Jahren) |
|---|
| Moderieren | 13.01.2021 13:46 (4 hours later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 167798 [QEMU USB xHCI Controller Emulation hw/usb/hcd-xhci.c xhci_ring_chain_length Denial of Service] |
|---|
| Punkte | 17 |
|---|