| Título | CVE-2020-14394 - An infinite loop issue was found in the USB xHCI controller emulation of QEMU |
|---|
| Descrição | An infinite loop issue was found in the USB xHCI controller emulation of QEMU. Specifically, function xhci_ring_chain_length() in hw/usb/hcd-xhci.c may get stuck while fetching TRBs from guest memory, since the exit conditions of the loop depend on values that are fully controlled by guest. A privileged guest user may exploit this issue to hang the QEMU process on the host, resulting in a denial of service.
|
|---|
| Fonte | ⚠️ https://bugzilla.redhat.com/show_bug.cgi?id=1908004 |
|---|
| Utilizador | CSieberg (UID 13359) |
|---|
| Submissão | 13/01/2021 09h36 (há 5 anos) |
|---|
| Moderação | 13/01/2021 13h46 (4 hours later) |
|---|
| Estado | Aceite |
|---|
| Entrada VulDB | 167798 [QEMU USB xHCI Controller Emulation hw/usb/hcd-xhci.c xhci_ring_chain_length Negação de Serviço] |
|---|
| Pontos | 17 |
|---|