CVE-2020-25723

A reachable assertion issue was found in the USB EHCI emulation code of QEMU. It could occur while processing USB requests due to missing handling of DMA memory map failure. A malicious privileged user within the guest may abuse this flaw to send bogus USB requests and crash the QEMU process on the host, resulting in a denial of service.

Published: Dec 2, 2020
Updated: Apr 14, 2023
CVE: CVE-2020-25723
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 3.2
AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L

CVSS v2:

Severity: Low
Score: 2.1
AV:L/AC:L/Au:N/C:N/I:N/A:P

CWEs:

CWE-617

Affected Software
References

Software	From	Fixed in
qemu / qemu	-	5.1.1.x
debian / debian_linux	10.0	10.0.x

http://www.openwall.com/lists/oss-security/2020/12/22/1
https://bugzilla.redhat.com/show_bug.cgi?id=1898579
https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html
https://security.netapp.com/advisory/ntap-20201218-0004/

Vulnerability Database

CVE-2020-25723