CVE-2020-14394

Published: 17/08/2022 Updated: 07/11/2023
CVSS v3 Base Score: 3.2 | Impact Score: 1.4 | Exploitability Score: 1.5
VMScore: 0

Vulnerability Summary

An infinite loop flaw was found in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Block (TRB) Ring. This flaw allows a privileged guest user to hang the QEMU process on the host, resulting in a denial of service.

Vulnerable Product

qemu qemu 6.1.50

fedoraproject fedora 33

fedoraproject extra packages for enterprise linux 7.0

fedoraproject fedora 37

redhat enterprise linux 7.0

redhat enterprise linux 6.0

redhat enterprise linux 5.0

redhat enterprise linux 8.0

redhat openstack platform 13.0

redhat openstack platform 10.0

redhat enterprise linux 9.0

Vendor Advisories

Debian Bug report logs - #979677 CVE-2020-14394 Package: qemu; Maintainer for qemu is Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>; Source for qemu is src:qemu (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@debian.org> Date: Sat, 9 Jan 2021 22:57:01 UTC Severity: normal Tags: security, upst ...
An infinite loop issue was found in the USB xHCI controller emulation of QEMU. Specifically, function xhci_ring_chain_length() in hw/usb/hcd-xhci.c may get stuck while fetching TRBs from guest memory, since the exit conditions of the loop depend on values that are fully controlled by guest. A privileged guest user may exploit this issue to hang the ...
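The failure mode described above, as an added example that is not QEMU's code or its upstream fix: a ring walker whose termination is owned by the host (a step budget and bounds checks) rather than by guest-written fields. The `toy_` names, the reduced TRB layout, index-based links and the budget of 1024 steps are assumptions made for this sketch.

```c
#include <stdint.h>
#include <stddef.h>

/* Simplified model, not QEMU's structures: a TRB is reduced to a type,
 * a chain flag and, for link TRBs, the index of the next TRB. */
enum { TOY_NORMAL = 0, TOY_LINK = 1 };
struct toy_trb {
    uint8_t  type;   /* TOY_NORMAL or TOY_LINK */
    uint8_t  chain;  /* 1: more TRBs follow in this transfer */
    uint32_t next;   /* link target, meaningful for TOY_LINK only */
};
#define TOY_MAX_STEPS 1024u  /* assumed budget, chosen for the example */

/* Count the TRBs of one transfer starting at index start.
 * Every field read here is written by the guest, so termination must
 * not rely on them: the step budget and bounds checks are host-owned.
 * Returns the length, or -1 if the ring is malformed or too long. */
int toy_chain_length(const struct toy_trb *mem, size_t n, uint32_t start)
{
    uint32_t idx = start;
    int length = 0;

    for (uint32_t steps = 0; steps < TOY_MAX_STEPS; steps++) {
        if (idx >= n)
            return -1;             /* pointer left the ring memory */
        if (mem[idx].type == TOY_LINK) {
            idx = mem[idx].next;   /* following a link costs a step */
            continue;
        }
        length++;
        if (!mem[idx].chain)
            return length;         /* last TRB of the transfer */
        idx++;
    }
    return -1;                     /* budget exhausted: refuse the ring */
}

/* Constructed sample rings: a well-formed one, and one whose TRBs
 * never present a terminating entry. */
static const struct toy_trb toy_ok_ring[] = {
    { TOY_NORMAL, 1, 0 }, { TOY_LINK, 0, 3 }, { TOY_NORMAL, 0, 0 },
    { TOY_NORMAL, 1, 0 }, { TOY_NORMAL, 0, 0 },
};
static const struct toy_trb toy_cyclic_ring[] = {
    { TOY_NORMAL, 1, 0 }, { TOY_LINK, 0, 0 },
};
int main(void)
{
    return !(toy_chain_length(toy_ok_ring, 5, 0) == 3 &&
             toy_chain_length(toy_cyclic_ring, 2, 0) == -1);
}
```

Without the step budget the second ring would keep the walker spinning, which is the host-side hang the advisory describes.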