| Title | CVE-2020-14394 - An infinite loop issue was found in the USB xHCI controller emulation of QEMU |
|---|
| Description | An infinite loop issue was found in the USB xHCI controller emulation of QEMU. Specifically, function xhci_ring_chain_length() in hw/usb/hcd-xhci.c may get stuck while fetching TRBs from guest memory, since the exit conditions of the loop depend on values that are fully controlled by guest. A privileged guest user may exploit this issue to hang the QEMU process on the host, resulting in a denial of service.
|
|---|
| Source | ⚠️ https://bugzilla.redhat.com/show_bug.cgi?id=1908004 |
|---|
| User | CSieberg (UID 13359) |
|---|
| Submission | 01/13/2021 09:36 (5 years ago) |
|---|
| Moderation | 01/13/2021 13:46 (4 hours later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 167798 [QEMU USB xHCI Controller Emulation hw/usb/hcd-xhci.c xhci_ring_chain_length denial of service] |
|---|
| Points | 17 |
|---|