Unrated severityNVD Advisory· Published Aug 31, 2020· Updated Aug 4, 2024
CVE-2020-14364
CVE-2020-14364
Description
An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice 'setup_len' exceeds its 'data_buf[4096]' in the do_token_in, do_token_out routines. This flaw allows a guest user to crash the QEMU process, resulting in a denial of service, or the potential execution of arbitrary code with the privileges of the QEMU process on the host.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
12- lists.opensuse.org/opensuse-security-announce/2020-10/msg00024.htmlmitrevendor-advisoryx_refsource_SUSE
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JTZQUQ6ZBPMFMNAUQBVJFELYNMUZLL6P/mitrevendor-advisoryx_refsource_FEDORA
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M52WIRMZL6TZRYZ65N6OAYNNFHV62O2N/mitrevendor-advisoryx_refsource_FEDORA
- security.gentoo.org/glsa/202009-14mitrevendor-advisoryx_refsource_GENTOO
- security.gentoo.org/glsa/202011-09mitrevendor-advisoryx_refsource_GENTOO
- usn.ubuntu.com/4511-1/mitrevendor-advisoryx_refsource_UBUNTU
- www.debian.org/security/2020/dsa-4760mitrevendor-advisoryx_refsource_DEBIAN
- bugzilla.redhat.com/show_bug.cgimitrex_refsource_MISC
- lists.debian.org/debian-lts-announce/2020/09/msg00013.htmlmitremailing-listx_refsource_MLIST
- security.netapp.com/advisory/ntap-20200924-0006/mitrex_refsource_CONFIRM
- www.openwall.com/lists/oss-security/2020/08/24/2mitrex_refsource_MISC
- www.openwall.com/lists/oss-security/2020/08/24/3mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.