An use-after-free issue was found in USB(xHCI/eHCI) controller emulators of QEMU. It occurs while setting up USB packet, as usb_packet_map() routine may return an error, which was not checked. A guest user/process may use this flaw to crash the QEMU process resulting in DoS scenario. Upstream patches: ----------------- -> https://lists.nongnu.org/archive/html/qemu-devel/2020-08/msg08050.html -> https://lists.nongnu.org/archive/html/qemu-devel/2020-08/msg08043.html Reference: ---------- -> https://www.openwall.com/lists/oss-security/2020/09/16/5
Acknowledgments: Name: Sergej Schumilo (Ruhr-University Bochum), Cornelius Aschermann (Ruhr-University Bochum), Simon Wrner (Ruhr-University Bochum)
External References: https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Fxhci_uaf_2
Created qemu tracking bugs for this issue: Affects: fedora-all [bug 1879653] Created xen tracking bugs for this issue: Affects: fedora-all [bug 1879654]
Statement: In Red Hat OpenStack Platform, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP qemu-kvm-rhev package.