A vulnerability was found in QEMU 5.0.0 (Virtualization Software). It has been rated as problematic. Affected by this issue is an unknown code block of the file hw/usb/hcd-ohci.c of the component TD List Handler.

The manipulation as part of a Infinite Loop leads to a denial of service vulnerability (Loop). Using CWE to declare the problem leads to CWE-835 . Impacted is availability.

QEMU (short for Quick EMUlator is a free and open-source emulator and virtualizer that can perform hardware virtualization.

QEMU is a hosted virtual machine monitor: it emulates the machine’s processor through dynamic binary translation and provides a set of different hardware and device models for the machine, enabling it to run a variety of guest operating systems.

It also can be used with KVM to run virtual machines at near-native speed (by taking advantage of hardware extensions such as Intel VT-x). QEMU can also do emulation for user-level processes, allowing applications compiled for one architecture to run on another.

The weakness was released 09/25/2020 (oss-sec). The advisory is shared for download at openwall.com . This vulnerability is handled as CVE-2020-25625 since 09/16/2020.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

error: Content is protected !!