Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Thu, 17 Sep 2020 15:43:46 +0530 (IST)
From: P J P <ppandit@...hat.com>
To: oss security list <oss-security@...ts.openwall.com>
Subject: CVE-2020-25625 QEMU: usb: hcd-ohci: infinite loop issue while
 processing transfer descriptors

   Hello,

An infinite loop issue was found in the USB OHCI controller emulator of QEMU. 
It could occur while servicing OHCI isochronous transfer descriptors (TD) in 
ohci_service_iso_td routine, as it retires a TD if it has passed its time 
frame. While doing so it does not check if the TD was already processed ones 
and holds an error code in TD_CC. It may happen if the TD list has a loop.

A guest user/process may use this flaw to consume cpu cycles on the host 
resulting in a DoS scenario.

Upstream patch:
---------------
   -> https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg05905.html

'CVE-2020-25625' assigned via https://cveform.mitre.org/

Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
8685 545E B54C 486B C6EB 271E E285 8B5A F050 DE8D

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.