An infinite loop issue was found in the USB OHCI controller emulator of QEMU. It could occur while servicing OHCI isochronous transfer descriptors (TD) in ohci_service_iso_td routine, as it retires a TD if it has passed its time frame. While doing so it does not check if the TD was already processed ones and holds an error code in TD_CC. It may happen if the TD list has a loop. A guest user/process may use this flaw to consume cpu cycles on the host resulting in a DoS scenario.
An infinite loop issue was found in the USB OHCI controller emulator of QEMU. It could occur while servicing OHCI isochronous transfer descriptors (TD) in ohci_service_iso_td routine, as it retires a TD if it has passed its time frame. While doing so it does not check if the TD was already processed ones and holds an error code in TD_CC. It may happen if the TD list has a loop. A guest user/process may use this flaw to consume cpu cycles on the host resulting in a DoS scenario.
https://www.openwall.com/lists/oss-security/2020/09/17/1 https://git.qemu.org/?p=qemu.git;a=commitdiff;h=1be90ebecc95b09a2ee5af3f60c412b45a766c4f
Vulmon