#VU73788 Infinite loop in QEMU
Vulnerability identifier: #VU73788
Vulnerability risk: Medium
CVSSv3.1:
CVE-ID:
CWE-ID:
CWE-835
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
QEMU
Client/Desktop applications /
Virtualization software
Vendor: QEMU
Description
The vulnerability allows an attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Block (TRB) Ring. A privileged user on the guest OS can consume all available system resources and cause denial of service conditions of the QEMU process on the host.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
QEMU: All versions
CPE
External links
http://bugzilla.redhat.com/show_bug.cgi?id=1908004
http://gitlab.com/qemu-project/qemu/-/issues/646
http://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I7J5IRXJYLELW7D43A75LOWRUE5EU54O/
http://lists.debian.org/debian-lts-announce/2023/03/msg00013.html
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
