CVE-2020-14394
Advisory lineage Upstream: 0 Downstream: 8
Modified
Published: 17 Aug 2022, 00:00
Last modified: 04 Aug 2024, 12:46
Vulnerability Summary
Overall Risk (default): low, 23/100
CVSS Score: 3.2 LOW, v3.1 (nvd)
EPSS Score: 0.03% LOW
KEV: Not listed
Ransomware: No reports
Public exploits: 2 found
Dark Web: Not detected
Timeline
- 17 Aug 2022, 00:00 • Published • Vulnerability first disclosed
- 04 Aug 2024, 12:46 • Last Modified • Vulnerability information updated
Description
An infinite loop flaw was found in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Block (TRB) Ring. This flaw allows a privileged guest user to hang the QEMU process on the host, resulting in a denial of service.
CVSS Metrics
- v3.1 • LOW • Score: 3.2 • CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L
EPSS Trends
Current EPSS score: 0.03% • Percentile: 8%
Techniques & Countermeasures
- CWE-835 • Loop with Unreachable Exit Condition ('Infinite Loop')
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
Affected Systems
- fedoraproject • extra_packages_for_enterprise_linux: 7.0
- fedoraproject • fedora: 33 | 37
- qemu • qemu: 6.1.50
- redhat • enterprise_linux: 5.0 | 6.0 | 7.0 | 8.0 | 9.0
- redhat • openstack_platform: 10.0 | 13.0