oss-sec mailing list archives
CVE-2020-14364 QEMU: usb: out-of-bounds r/w access issue while processing usb packets
From: P J P <ppandit () redhat com>
Date: Mon, 24 Aug 2020 18:22:05 +0530 (IST)
Hello,An out-of-bounds read/write access issue was found in the USB emulator of the QEMU. It occurs while processing USB packets from a guest, when 'USBDevice->setup_len' exceeds the USBDevice->data_buf[4096], in do_token_{in,out} routines.
A guest user may use this flaw to crash the QEMU process resulting in DoS OR potentially execute arbitrary code with the privileges of the QEMU process on the host.
* Attached herein is an upstream patch from Gerd Hoffmann(CC'd) to fix this issue. * 'CVE-2020-14364' is assigned to this issue by Red Hat Inc. * This issue was independently reported by Ziming Zhang, Gonglei Arei and Yanyu Zhang(CC'd). Gonglei and Yanyu mentioned that the issue was found by Xiao Wei(CC'd). Thank you. -- Prasad J Pandit / Red Hat Product Security Team 8685 545E B54C 486B C6EB 271E E285 8B5A F050 DE8D
Attachment:
0001-usb-fix-setup-len-init.patch
Description:
Current thread:
- CVE-2020-14364 QEMU: usb: out-of-bounds r/w access issue while processing usb packets P J P (Aug 24)