VDB

CVE-2020-14394

CVE-2020-14394 PUBLISHED

An infinite loop flaw was found in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Block (TRB) Ring. This flaw allows a privileged guest user to hang the QEMU process on the host, resulting in a denial of service.

EPSS 0.03% · 7.6th percentile

Risk Scores

EPSS Score
0.03%
7.6th percentile

Affected Products

VendorProductVersions
Ubuntu:Pro:18.04:LTSqemu*, *, *
Ubuntu:Pro:16.04:LTSqemu1:2.5+dfsg-5ubuntu10.47, 1:2.5+dfsg-5ubuntu10.48, 1:2.5+dfsg-5ubuntu10.49
Ubuntu:22.04:LTSqemu1:6.0+dfsg-2expubuntu1, *, 1:6.2+dfsg-2ubuntu6.15
Ubuntu:Pro:14.04:LTSqemu0, 1.5.0+dfsg-3ubuntu5, 1.6.0+dfsg-2ubuntu1
Ubuntu:20.04:LTSqemu1:4.0+dfsg-0ubuntu10, 0, *

Timeline

  • Jan 11, 2021 CVE Published
  • Aug 18, 2022 EPSS Score
  • Oct 3, 2022 EPSS Score
  • Nov 18, 2022 EPSS Score
  • Jan 3, 2023 EPSS Score
  • Feb 18, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Apr 4, 2023 EPSS Score
  • May 20, 2023 EPSS Score
  • Jul 5, 2023 EPSS Score
  • Aug 20, 2023 EPSS Score
  • Oct 5, 2023 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›