A divide-by-zero issue was found in QEMU in the dwc-hsotg (dwc2) USB host controller emulation. More specifically, HCCHAR_MPS was read from a device register and later used as divisor without performing any sanity check. This could allow a malicious/buggy guest to crash the QEMU process on the host, resulting in a denial of service.
Created qemu tracking bugs for this issue:
Affects: fedora-all [bug 1890654]
This flaw did not affect the following versions of QEMU as they did not include support for dwc2 USB host controller emulation:
* `qemu-kvm-ma` as shipped with Red Hat Enterprise Linux 7.
* `qemu-kvm-rhev` as shipped with Red Hat Virtualization and Red Hat OpenStack.
* `qemu-kvm` as shipped with Red Hat Enterprise Linux 6, 7, 8, and RHEL Advanced Virtualization.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):
Name: Gaoning Pan (Ant Security Light-Year Lab), Xingwei Lin (Ant Security Light-Year Lab)