An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice 'setup_len' exceeds its 'data_buf[4096]' in the do_token_in, do_token_out routines. This flaw allows a guest user to crash the QEMU process, resulting in a denial of service, or the potential execution of arbitrary code with the privileges of the QEMU process on the host.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2020-08-31T17:11:52
Updated: 2024-08-04T12:46:34.192Z
Reserved: 2020-06-17T00:00:00
Link: CVE-2020-14364
Vulnrichment
No data.
NVD
Status : Modified
Published: 2020-08-31T18:15:12.827
Modified: 2023-11-07T03:17:11.270
Link: CVE-2020-14364
Redhat