QwikSec

Security Database

CVE

CWE

Training

CVE-2020-14394

Published: Aug 17, 2022

Modified: Aug 4, 2024

PUBLISHED

Description

An infinite loop flaw was found in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Block (TRB) Ring. This flaw allows a privileged guest user to hang the QEMU process on the host, resulting in a denial of service.

Vendor	Product	Versions
n/a	QEMU	affected `QEMU 6.1.50`

Weaknesses (CWE)

References

https://bugzilla.redhat.com/show_bug.cgi?id=1908004

https://gitlab.com/qemu-project/qemu/-/issues/646

FEDORA-2022-22b1f8dae2

vendor-advisory

[debian-lts-announce] 20230314 [SECURITY] [DLA 3362-1] qemu security update

mailing-list

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.