CVE-2020-14394
CVSS V2 None
CVSS V3 Low 3.2
Description
An infinite loop flaw was found in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Block (TRB) Ring. This flaw allows a privileged guest user to hang the QEMU process on the host, resulting in a denial of service.
Overview
- CVE ID
- CVE-2020-14394
- Assigner
- secalert@redhat.com
- Vulnerability Status
- Modified
- Published Version
- 2022-08-17T21:15:07
- Last Modified Date
- 2023-03-15T00:15:10
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| cpe:2.3:a:qemu:qemu:6.1.50:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:7.0:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:redhat:openstack_platform:10.0:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:redhat:openstack_platform:13.0:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:* | 1 | OR |
CVSS Version 3
- Version
- 3.1
- Vector String
- CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L
- Attack Vector
- LOCAL
- Attack Compatibility
- LOW
- Privileges Required
- HIGH
- User Interaction
- NONE
- Scope
- CHANGED
- Confidentiality Impact
- NONE
- Availability Impact
- LOW
- Base Score
- 3.2
- Base Severity
- LOW
- Exploitability Score
- 1.5
- Impact Score
- 1.4
References
| Reference URL | Reference Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1908004 | Exploit Issue Tracking Third Party Advisory |
| https://gitlab.com/qemu-project/qemu/-/issues/646 | Exploit Issue Tracking Patch Third Party Advisory |
| https://lists.debian.org/debian-lts-announce/2023/03/msg00013.html | |
| https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I7J5IRXJYLELW7D43A75LOWRUE5EU54O/ | Mailing List Third Party Advisory |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2020-14394 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14394 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2022-08-17 22:00:09 | Added to TrackCVE | |||
| 2022-12-14 05:13:41 | 2022-12-14T04:15:09 | CVE Modified Date | updated | |
| 2022-12-14 05:13:41 | Analyzed | Modified | Vulnerability Status | updated |
| 2022-12-14 05:13:41 | References | updated | ||
| 2022-12-19 04:27:29 | Modified | Undergoing Analysis | Vulnerability Status | updated |
| 2023-02-28 17:14:18 | 2023-02-28T15:28:31 | CVE Modified Date | updated | |
| 2023-02-28 17:14:18 | Undergoing Analysis | Analyzed | Vulnerability Status | updated |
| 2023-03-15 00:15:52 | 2023-03-15T00:15:10 | CVE Modified Date | updated | |
| 2023-03-15 00:15:52 | Analyzed | Modified | Vulnerability Status | updated |
| 2023-03-15 00:15:52 | References | updated |