Bug 1879652 (CVE-2020-25084) - CVE-2020-25084 QEMU: usb: use-after-free issue while setting up packet
Summary: CVE-2020-25084 QEMU: usb: use-after-free issue while setting up packet
Alias: CVE-2020-25084
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
Depends On: 1879653 1879654 1879656 1879657 1879658 1879659 1879660 1879661 1879662 1879663 1910679
Blocks: 1850259
TreeView+ depends on / blocked
Reported: 2020-09-16 18:01 UTC by Prasad Pandit
Modified: 2021-12-15 12:05 UTC (History)
33 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A use-after-free flaw was found in the USB(xHCI/eHCI) controller emulators of QEMU. This flaw occurs while setting up the USB packet as a usb_packet_map() routine and returns an error that was not checked. This flaw allows a guest user or process to crash the QEMU process, resulting in a denial of service.
Clone Of:
Last Closed: 2021-12-15 12:05:18 UTC

Attachments (Terms of Use)

Description Prasad Pandit 2020-09-16 18:01:17 UTC
An use-after-free issue was found in USB(xHCI/eHCI) controller emulators of QEMU. It occurs while setting up USB packet, as usb_packet_map() routine may return an error, which was not checked. A guest user/process may use this flaw to crash the QEMU process resulting in DoS scenario.

Upstream patches:
  -> https://lists.nongnu.org/archive/html/qemu-devel/2020-08/msg08050.html
  -> https://lists.nongnu.org/archive/html/qemu-devel/2020-08/msg08043.html

  -> https://www.openwall.com/lists/oss-security/2020/09/16/5

Comment 1 Prasad Pandit 2020-09-16 18:01:28 UTC

Name: Sergej Schumilo (Ruhr-University Bochum), Cornelius Aschermann (Ruhr-University Bochum), Simon Wrner (Ruhr-University Bochum)

Comment 2 Prasad Pandit 2020-09-16 18:01:32 UTC
External References:


Comment 3 Prasad Pandit 2020-09-16 18:02:06 UTC
Created qemu tracking bugs for this issue:

Affects: fedora-all [bug 1879653]

Created xen tracking bugs for this issue:

Affects: fedora-all [bug 1879654]

Comment 6 Nick Tait 2021-03-02 20:15:23 UTC

In Red Hat OpenStack Platform, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP qemu-kvm-rhev package.

Note You need to log in before you can comment on or make changes to this bug.