CVE-2020-27661

Published: Jun 2, 2021Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Exploitability: 2.0 / Impact: 4.0

Source: NVD

Description

A divide-by-zero issue was found in dwc2_handle_packet in hw/usb/hcd-dwc2.c in the hcd-dwc2 USB host controller emulation of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service.

Affected (1)

Products: Qemu: Qemu

Qemu

1 product

Qemu

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Qemu Qemu	Up to 5.1.1

Related CWEs

CWE-369

Divide By Zero

The product divides a value by zero.

References (10)

https://bugzilla.redhat.com/show_bug.cgi?id=1890653

Source: cve@mitre.org

Issue TrackingPatchThird Party Advisory

https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=bea2a9e3e00b275dc40cfa09c760c715b8753e03

Source: cve@mitre.org

https://lists.nongnu.org/archive/html/qemu-devel/2020-10/msg04263.html

Source: cve@mitre.org

Mailing ListPatchThird Party Advisory

https://security.netapp.com/advisory/ntap-20210720-0010/

Source: cve@mitre.org

Third Party Advisory

https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1770368.html

Source: cve@mitre.org

https://bugzilla.redhat.com/show_bug.cgi?id=1890653