CVE-2020-25723

Advisory lineage Upstream: 0 Downstream: 31

Downstream

DEBIAN-CVE-2020-25723 DLA-2469-1 DLA-3099-1 OPENSUSE-SU-2021:0600-1 OPENSUSE-SU-2021:1043-1 OPENSUSE-SU-2021:1942-1

Modified

Published: 02 Dec 2020, 00:52

Last modified:04 Aug 2024, 15:40

Vulnerability Summary

Overall Risk (default)

low

13/100

CVSS Score

3.2 LOW

v3.1 (nvd)

EPSS Score

0.04% LOW

0% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

02 Dec 2020, 00:52

Published

Vulnerability first disclosed

04 Aug 2024, 15:40

Last Modified

Vulnerability information updated

Description

A reachable assertion issue was found in the USB EHCI emulation code of QEMU. It could occur while processing USB requests due to missing handling of DMA memory map failure. A malicious privileged user within the guest may abuse this flaw to send bogus USB requests and crash the QEMU process on the host, resulting in a denial of service.

CVSS Metrics

v3.1•LOW•Score: 3.2CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L
v2.0•LOW•Score: 2.1AV:L/AC:L/Au:N/C:N/I:N/A:P

EPSS Trends

Current EPSS score: 0.04%• Percentile: 11%

Techniques & Countermeasures

CWE-617•Reachable Assertion
The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

Affected Systems

debian•debian_linux
10.0
qemu•qemu
≤ 5.1.1