CVE-2020-25723

Published: 12/2/2020 Last updated: 8/4/2024 Reserved: 9/16/2020

A reachable assertion issue was found in the USB EHCI emulation code of QEMU. It could occur while processing USB requests due to missing handling of DMA memory map failure. A malicious privileged user within the guest may abuse this flaw to send bogus USB requests and crash the QEMU process on the host, resulting in a denial of service.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Opam packages affected (2)

conf-qemu-img nbd-tool

Products affected (1)

Product	Vendor	Version
QEMU	n/a	Windows 10 Version 1709 for x64-based Systems

References (8)

https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html
https://bugzilla.redhat.com/show_bug.cgi?id=1898579
https://security.netapp.com/advisory/ntap-20201218-0004/
http://www.openwall.com/lists/oss-security/2020/12/22/1
https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html
https://bugzilla.redhat.com/show_bug.cgi?id=1898579
https://security.netapp.com/advisory/ntap-20201218-0004/
http://www.openwall.com/lists/oss-security/2020/12/22/1