← Back

CVE-2020-14394

nvd nist
Published: Aug 17, 2022Modified: Nov 21, 2024

JSON object

Loading...
3.2
Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L
Exploitability: 1.5 / Impact: 1.4
Source: NVD

Description

An infinite loop flaw was found in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Block (TRB) Ring. This flaw allows a privileged guest user to hang the QEMU process on the host, resulting in a denial of service.

Affected (11)

Qemu
1 product
Qemu
Fedoraproject
2 products
Extra Packages For Enterprise Linux
Fedora
Redhat
2 products
Enterprise Linux
Openstack Platform
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Qemu
Version 6.1.50
Configuration B
3 vulnerable
Vulnerable SoftwareAffected Versions
Extra Packages For Enterprise Linux
Version 7.0
Fedoraproject
Fedora
Version 33
Fedora
Version 37
Configuration C
7 vulnerable
Vulnerable SoftwareAffected Versions
Redhat
Enterprise Linux
Version 5.0
Enterprise Linux
Version 6.0
Enterprise Linux
Version 7.0
Enterprise Linux
Version 8.0
Enterprise Linux
Version 9.0
Redhat
Openstack Platform
Version 10.0
Openstack Platform
Version 13.0

Related CWEs

CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

References (8)

Source: secalert@redhat.com
ExploitIssue TrackingThird Party Advisory
Source: secalert@redhat.com
ExploitIssue TrackingPatchThird Party Advisory
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitIssue TrackingThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitIssue TrackingPatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.