PT-2020-6462 · Qemu+5 · Qemu+5

Published

2020-08-15

Updated

2026-06-09

CVE-2020-25624

CVSS v3.1

5.0

Medium

Vector

AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions QEMU version 5.0.0

Description The issue is related to a buffer over-read in the QEMU hardware emulation, specifically in the hw/usb/hcd-ohci.c file. This can allow an attacker to access confidential data, compromise data integrity, and cause a denial of service. The vulnerability is caused by a stack-based buffer over-read via values obtained from the host controller driver.

Recommendations For QEMU version 5.0.0, consider disabling the hw/usb/hcd-ohci.c module to minimize the risk of exploitation until a patch is available. Restrict access to the vulnerable hcd-ohci controller to prevent potential attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

ALT-PU-2020-2595

BDU:2021-05151

CVE-2020-25624

DLA-2469-1

DLA-3099-1

OPENSUSE-SU-2021:0600-1

OPENSUSE-SU-2021_0600-1

SUSE-SU-2021:1240-1

SUSE-SU-2021:1241-1

SUSE-SU-2021:1242-1

SUSE-SU-2021:1243-1

SUSE-SU-2021:1244-1

SUSE-SU-2021:1245-1

SUSE-SU-2021:1305-1

SUSE-SU-2021:14704-1

SUSE-SU-2021:14706-1

SUSE-SU-2021_14704-1

USN-4650-1

USN-8412-1

Affected Products

Alt Linux

Astra Linux

Linuxmint

Qemu

Suse

Ubuntu

PT-2020-6462 · Qemu+5 · Qemu+5

CVE-2020-25624

Weakness Enumeration

Related Identifiers

Affected Products

References · 166