Main Vulnerability Database SB2023031732

SB2023031732 - Denial of service in QEMU

Published: March 17, 2023

Security Bulletin ID SB2023031732

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Infinite loop (CVE-ID: CVE-2020-14394)

The vulnerability allows an attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Block (TRB) Ring. A privileged user on the guest OS can consume all available system resources and cause denial of service conditions of the QEMU process on the host.

Remediation

Install update from vendor's website.

References

https://bugzilla.redhat.com/show_bug.cgi?id=1908004
https://gitlab.com/qemu-project/qemu/-/issues/646
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I7J5IRXJYLELW7D43A75LOWRUE5EU54O/
https://lists.debian.org/debian-lts-announce/2023/03/msg00013.html