A security issue was found in the USB EHCI emulation code of QEMU. It could occur while processing USB requests via ehci_execute() in hw/usb/hcd-ehci.c. More specifically, a DMA memory map failure was not properly detected, leading to a reachable assertion (CWE-617) in a later call of address_space_unmap() via usb_packet_unmap(). This was fixed in the following commit by checking the return value of usb_packet_map(). A malicious privileged user within the guest may abuse this flaw to send bogus USB requests and crash the QEMU process on the host, resulting in a denial of service.
Upstream fix: https://git.qemu.org/?p=qemu.git;a=commit;h=2fdb42d840400d58f2e706ecca82c142b97bcbd6
Acknowledgments: Name: Cheolwoo Myung
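The failure mode described in the report, as an added example that is not QEMU's code or part of the original report: a simplified C model in which every name (model_packet_map, model_packet_unmap, execute_unchecked, execute_checked, the 64-byte guest_ram) is hypothetical. The model reports the violated unmap precondition as a return value instead of aborting, so both paths can be compared.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-ins for illustration; none of this is QEMU code. */
struct packet { void *base; size_t len; bool mapped; };
static unsigned char guest_ram[64];          /* constructed guest memory */
enum outcome { EXEC_OK, EXEC_REJECTED, EXEC_WOULD_ASSERT };

/* Map step: returns -1 when the guest-supplied range is not mappable. */
static int model_packet_map(struct packet *p, size_t addr, size_t len)
{
    if (addr >= sizeof(guest_ram) || len > sizeof(guest_ram) - addr) {
        return -1;                           /* DMA map failure */
    }
    p->base = &guest_ram[addr];
    p->len = len;
    p->mapped = true;
    return 0;
}

/* Unmap step: returns false where the real code path would reach the
 * assertion, i.e. when asked to unmap a buffer that was never mapped. */
static bool model_packet_unmap(struct packet *p)
{
    bool precondition_ok = p->mapped;
    p->base = NULL;
    p->mapped = false;
    return precondition_ok;
}

/* Before the fix: the map result is ignored, so a failed map reaches unmap. */
static enum outcome execute_unchecked(size_t addr, size_t len)
{
    struct packet p = {0};
    (void)model_packet_map(&p, addr, len);
    return model_packet_unmap(&p) ? EXEC_OK : EXEC_WOULD_ASSERT;
}

/* After the fix: the map return value is checked and the request rejected. */
static enum outcome execute_checked(size_t addr, size_t len)
{
    struct packet p = {0};
    if (model_packet_map(&p, addr, len) != 0) {
        return EXEC_REJECTED;                /* error to the guest, no abort */
    }
    return model_packet_unmap(&p) ? EXEC_OK : EXEC_WOULD_ASSERT;
}

int main(void)
{
    printf("unchecked=%d checked=%d\n",
           execute_unchecked(1000, 16), execute_checked(1000, 16));
    return 0;
}
```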
Created qemu tracking bugs for this issue:
Affects: epel-7 [bug 1898625]
Affects: fedora-all [bug 1898624]
Statement: Releases of Red Hat OpenStack Platform versions 15 and newer consume fixes directly from the Red Hat Enterprise Linux 8 Advanced Virtualization repository.
This issue has been addressed in the following products:
Advanced Virtualization for RHEL 8.2.1
Via RHSA-2021:0648 https://access.redhat.com/errata/RHSA-2021:0648
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-25723
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8.2 Extended Update Support
Via RHSA-2021:0771 https://access.redhat.com/errata/RHSA-2021:0771
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2021:1762 https://access.redhat.com/errata/RHSA-2021:1762