An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice 'setup_len' exceeds its 'data_buf[4096]' in the do_token_in, do_token_out routines. This flaw allows a guest user to crash the QEMU process, resulting in a denial of service, or the potential execution of arbitrary code with the privileges of the QEMU process on the host.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2020-08-31T17:11:52

Updated: 2024-08-04T12:46:34.192Z

Reserved: 2020-06-17T00:00:00

Link: CVE-2020-14364

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2020-08-31T18:15:12.827

Modified: 2024-11-21T05:03:05.880

Link: CVE-2020-14364

cve-icon Redhat

Severity : Important

Publid Date: 2020-08-24T12:00:00Z

Links: CVE-2020-14364 - Bugzilla