{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2020-14394", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "dateUpdated": "2024-08-04T12:46:34.221Z", "dateReserved": "2020-06-17T00:00:00.000Z", "datePublished": "2022-08-17T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2023-03-14T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "An infinite loop flaw was found in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Block (TRB) Ring. This flaw allows a privileged guest user to hang the QEMU process on the host, resulting in a denial of service."}], "affected": [{"vendor": "n/a", "product": "QEMU", "versions": [{"version": "QEMU 6.1.50", "status": "affected"}]}], "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1908004"}, {"url": "https://gitlab.com/qemu-project/qemu/-/issues/646"}, {"name": "FEDORA-2022-22b1f8dae2", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I7J5IRXJYLELW7D43A75LOWRUE5EU54O/"}, {"name": "[debian-lts-announce] 20230314 [SECURITY] [DLA 3362-1] qemu security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00013.html"}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-835", "cweId": "CWE-835"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T12:46:34.221Z"}, "title": "CVE Program Container", "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1908004", "tags": ["x_transferred"]}, {"url": "https://gitlab.com/qemu-project/qemu/-/issues/646", "tags": ["x_transferred"]}, {"name": "FEDORA-2022-22b1f8dae2", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I7J5IRXJYLELW7D43A75LOWRUE5EU54O/"}, {"name": "[debian-lts-announce] 20230314 [SECURITY] [DLA 3362-1] qemu security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00013.html"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:qemu:qemu:6.1.50:*:*:*:*:*:*:*", "matchCriteriaId": "66879931-CF82-46ED-B2AF-49FD91D895C6", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "3D9C7598-4BB4-442A-86DF-EEDE041A4CC7", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:openstack_platform:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "542B31BD-5767-4B33-9201-40548D1223B3", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openstack_platform:13.0:*:*:*:*:*:*:*", "matchCriteriaId": "C52600BF-9E87-4CD2-91F3-685AFE478C1E", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "1D8B549B-E57B-4DFE-8A13-CAB06B5356B3", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An infinite loop flaw was found in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Block (TRB) Ring. This flaw allows a privileged guest user to hang the QEMU process on the host, resulting in a denial of service."}, {"lang": "es", "value": "Se ha encontrado un fallo de bucle infinito en la emulaci\u00f3n del controlador USB xHCI de QEMU mientras es calculada la longitud del anillo de petici\u00f3n de transferencia (TRB). Este fallo permite a un usuario invitado privilegiado colgar el proceso de QEMU en el host, resultando en una denegaci\u00f3n de servicio."}], "id": "CVE-2020-14394", "lastModified": "2024-11-21T05:03:10.120", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.2, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.5, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-08-17T21:15:07.913", "references": [{"source": "secalert@redhat.com", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1908004"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://gitlab.com/qemu-project/qemu/-/issues/646"}, {"source": "secalert@redhat.com", "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00013.html"}, {"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I7J5IRXJYLELW7D43A75LOWRUE5EU54O/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1908004"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://gitlab.com/qemu-project/qemu/-/issues/646"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00013.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I7J5IRXJYLELW7D43A75LOWRUE5EU54O/"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-835"}], "source": "secalert@redhat.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-835"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Gaoning Pan (Zhejiang University) and Xingwei Li (Ant Security Light-Year Lab) for reporting this issue.", "bugzilla": {"description": "QEMU: infinite loop in xhci_ring_chain_length() in hw/usb/hcd-xhci.c", "id": "1908004", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1908004"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.2", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L", "status": "draft"}, "cwe": "CWE-835", "details": ["An infinite loop flaw was found in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Block (TRB) Ring. This flaw allows a privileged guest user to hang the QEMU process on the host, resulting in a denial of service.", "An infinite loop flaw was found in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Block (TRB) Ring. This flaw allows a privileged guest user to hang the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability."], "name": "CVE-2020-14394", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Out of support scope", "package_name": "kvm", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Out of support scope", "package_name": "xen", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "qemu-kvm", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "qemu-kvm", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "qemu-kvm-ma", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "qemu-kvm-rhev", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "virt:rhel/qemu-kvm", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:advanced_virtualization:8::el8", "fix_state": "Fix deferred", "package_name": "virt:8.2/qemu-kvm", "product_name": "Red Hat Enterprise Linux 8 Advanced Virtualization"}, {"cpe": "cpe:/a:redhat:advanced_virtualization:8::el8", "fix_state": "Fix deferred", "package_name": "virt:8.3/qemu-kvm", "product_name": "Red Hat Enterprise Linux 8 Advanced Virtualization"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "qemu-kvm", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openstack:10", "fix_state": "Out of support scope", "package_name": "qemu-kvm-rhev", "product_name": "Red Hat OpenStack Platform 10 (Newton)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Out of support scope", "package_name": "qemu-kvm-rhev", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}], "public_date": "2020-12-15T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-14394\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-14394"], "statement": "This flaw has been rated as having a security impact of Low, and is not currently planned to be addressed in future updates of Red Hat Enterprise Linux 7. Red Hat Enterprise Linux 7 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.", "threat_severity": "Low"}

{}