| 제목 | CVE-2020-14394 - An infinite loop issue was found in the USB xHCI controller emulation of QEMU |
|---|
| 설명 | An infinite loop issue was found in the USB xHCI controller emulation of QEMU. Specifically, function xhci_ring_chain_length() in hw/usb/hcd-xhci.c may get stuck while fetching TRBs from guest memory, since the exit conditions of the loop depend on values that are fully controlled by guest. A privileged guest user may exploit this issue to hang the QEMU process on the host, resulting in a denial of service.
|
|---|
| 원천 | ⚠️ https://bugzilla.redhat.com/show_bug.cgi?id=1908004 |
|---|
| 사용자 | CSieberg (UID 13359) |
|---|
| 제출 | 2021. 01. 13. AM 09:36 (5 연령 ago) |
|---|
| 모더레이션 | 2021. 01. 13. PM 01:46 (4 hours later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 167798 [QEMU USB xHCI Controller Emulation hw/usb/hcd-xhci.c xhci_ring_chain_length 서비스 거부] |
|---|
| 포인트들 | 17 |
|---|