VDB
CVE-2020-14394
CVE-2020-14394
PUBLISHED
An infinite loop flaw was found in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Block (TRB) Ring. This flaw allows a privileged guest user to hang the QEMU process on the host, resulting in a denial of service.
EPSS 0.03% · 7.6th percentile
Risk Scores
EPSS Score
0.03%
7.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:Pro:18.04:LTS | qemu | *, *, * |
| Ubuntu:Pro:16.04:LTS | qemu | 1:2.5+dfsg-5ubuntu10.47, 1:2.5+dfsg-5ubuntu10.48, 1:2.5+dfsg-5ubuntu10.49 |
| Ubuntu:22.04:LTS | qemu | 1:6.0+dfsg-2expubuntu1, *, 1:6.2+dfsg-2ubuntu6.15 |
| Ubuntu:Pro:14.04:LTS | qemu | 0, 1.5.0+dfsg-3ubuntu5, 1.6.0+dfsg-2ubuntu1 |
| Ubuntu:20.04:LTS | qemu | 1:4.0+dfsg-0ubuntu10, 0, * |
Exploit Intelligence
- https://bugzilla.redhat.com/show_bug.cgi?id=1908004 (nist-nvd)
- https://gitlab.com/qemu-project/qemu/-/issues/646 (nist-nvd)
- https://sourceware.org/bugzilla/show_bug.cgi?id=29255%20 (circl)
- CVE-2025-38347.yara (github-yara)
- CVE-2025-38347.yara (github-yara)
- CVE-2025-38347.yara (github-yara)
- CVE-2025-38347.yara (github-yara)
- CVE-2025-38347.yara (github-yara)
- CVE-2025-38347.yara (github-yara)
- CVE-2025-38219.yara (github-yara)
…and 209 more exploits
Timeline
- Jan 11, 2021 CVE Published
- Aug 18, 2022 EPSS Score
- Oct 3, 2022 EPSS Score
- Nov 18, 2022 EPSS Score
- Jan 3, 2023 EPSS Score
- Feb 18, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 4, 2023 EPSS Score
- May 20, 2023 EPSS Score
- Jul 5, 2023 EPSS Score
- Aug 20, 2023 EPSS Score
- Oct 5, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-14394 third-party-advisory
- https://ubuntu.com/security/notices/USN-6567-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-14394 third-party-advisory