A divide-by-zero issue was found in QEMU in the dwc-hsotg (dwc2) USB host controller emulation. More specifically, HCCHAR_MPS was read from a device register and later used as a divisor without performing any sanity check. This could allow a malicious/buggy guest to crash the QEMU process on the host, resulting in a denial of service.

Upstream fix: https://lists.nongnu.org/archive/html/qemu-devel/2020-10/msg04263.html
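
The pattern described above, as an added example that is not QEMU's code: a divisor taken from a guest-written register field, first unchecked and then validated before use. The helper names, the round-up packet count and the 11-bit position of the MPS field in HCCHAR are assumptions for illustration; the register values are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed layout: max packet size (MPS) in the low 11 bits of HCCHAR. */
#define HCCHAR_MPS_MASK  0x7ffu
#define HCCHAR_MPS_SHIFT 0

/* Hypothetical helper: extract the guest-written MPS field. */
uint32_t hcchar_mps(uint32_t hcchar)
{
    return (hcchar & HCCHAR_MPS_MASK) >> HCCHAR_MPS_SHIFT;
}

/* Unchecked form: the divisor comes straight from the register. MPS == 0
 * is undefined behaviour in C; on x86 hosts it raises SIGFPE and kills the
 * emulator process. Shown for comparison only, never called below. */
uint32_t packet_count_unchecked(uint32_t hcchar, uint32_t len)
{
    return len / hcchar_mps(hcchar);
}

/* Checked form: treat a zero MPS as a guest programming error and refuse
 * the transfer. Returns 0 and sets *count on success, -1 on bad input
 * (leaving *count untouched). */
int packet_count_checked(uint32_t hcchar, uint32_t len, uint32_t *count)
{
    uint32_t mps = hcchar_mps(hcchar);

    if (mps == 0) {
        fprintf(stderr, "guest error: HCCHAR_MPS is zero, transfer dropped\n");
        return -1;
    }
    /* Round up without overflow: whole packets plus one for a remainder. */
    *count = len / mps + (len % mps != 0);
    return 0;
}

int main(void)
{
    /* Constructed register values (upper bits arbitrary): MPS=64, MPS=0. */
    uint32_t samples[] = { 0x00008040u, 0x00008000u };
    for (int i = 0; i < 2; i++) {
        uint32_t n = 0;
        int rc = packet_count_checked(samples[i], 130, &n);
        printf("hcchar=0x%08x rc=%d packets=%u\n",
               (unsigned)samples[i], rc, (unsigned)n);
    }
    return 0;
}
```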
Created qemu tracking bugs for this issue: Affects: fedora-all [bug 1890654]
Statement: This flaw did not affect the following versions of QEMU as they did not include support for dwc2 USB host controller emulation:

* `qemu-kvm-ma` as shipped with Red Hat Enterprise Linux 7.
* `qemu-kvm-rhev` as shipped with Red Hat Virtualization and Red Hat OpenStack.
* `qemu-kvm` as shipped with Red Hat Enterprise Linux 6, 7, 8, and RHEL Advanced Virtualization.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-27661
Acknowledgments: Name: Gaoning Pan (Ant Security Light-Year Lab), Xingwei Lin (Ant Security Light-Year Lab)