CVE-2020-14394

Summary

An infinite loop flaw was found in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Block (TRB) Ring. This flaw allows a privileged guest user to hang the QEMU process on the host, resulting in a denial of service.

Affected Software

VendorProductVersion RangeStatus
n/aQEMUQEMU 6.1.50affected

Weaknesses

  • CWE-835: CWE-835

ADP Enrichment

CVE Program Container

Additional References

References