CVE-2020-25723
Published: Dec 2, 2020
Modified: Aug 4, 2024
PUBLISHED
Description
A reachable assertion issue was found in the USB EHCI emulation code of QEMU. It could occur while processing USB requests due to missing handling of DMA memory map failure. A malicious privileged user within the guest may abuse this flaw to send bogus USB requests and crash the QEMU process on the host, resulting in a denial of service.
| Vendor | Product | Versions |
|---|---|---|
| n/a | QEMU | affected qemu 5.2.0 |
Weaknesses (CWE)
References
https://bugzilla.redhat.com/show_bug.cgi?id=1898579
x_refsource_MISC
https://security.netapp.com/advisory/ntap-20201218-0004/
x_refsource_CONFIRM
[oss-security] 20201222 CVE-2020-25723 QEMU: assertion failure through usb_packet_unmap() in hw/usb/hcd-ehci.c
mailing-list
x_refsource_MLIST
[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update
mailing-list
x_refsource_MLIST