PT-2020-6485 · Qemu+9 · Qemu+9

Cheolwoo Myung

+1

·

Published

2020-11-18

·

Updated

2026-06-09

·

CVE-2020-25723

CVSS v3.1

6.4

Medium

VectorAV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions QEMU (affected versions not specified)
Description A reachable assertion issue was found in the USB EHCI emulation code of QEMU. It could occur while processing USB requests due to missing handling of DMA memory map failure. A malicious privileged user within the guest may abuse this flaw to send bogus USB requests and crash the QEMU process on the host, resulting in a denial of service.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Assertion Failure

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-617

Related Identifiers

ALSA-2021:1762
ALT-PU-2020-3527
ALT-PU-2020-3559
ALT-PU-2021-1196
ALT-PU-2021-1880
ALT-PU-2021-1964
BDU:2021-05257
CESA-2021_1762
CVE-2020-25723
DLA-2469-1
DLA-3099-1
OPENSUSE-SU-2021:0600-1
OPENSUSE-SU-2021:1043-1
OPENSUSE-SU-2021:1942-1
OPENSUSE-SU-2021_0600-1
OPENSUSE-SU-2021_1043-1
OPENSUSE-SU-2021_1942-1
OPENSUSE-SU-2024:11287-1
RHSA-2021:0648
RHSA-2021:0771
RHSA-2021:1762
RHSA-2021_1762
RLSA-2021:1762
SUSE-SU-2020:14557-1
SUSE-SU-2020_14557-1
SUSE-SU-2021:1240-1
SUSE-SU-2021:1241-1
SUSE-SU-2021:1242-1
SUSE-SU-2021:1243-1
SUSE-SU-2021:1244-1
SUSE-SU-2021:1245-1
SUSE-SU-2021:1305-1
SUSE-SU-2021:14704-1
SUSE-SU-2021:14706-1
SUSE-SU-2021:1829-1
SUSE-SU-2021:1837-1
SUSE-SU-2021:1893-1
SUSE-SU-2021:1894-1
SUSE-SU-2021:1895-1
SUSE-SU-2021:1918-1
SUSE-SU-2021:1942-1
SUSE-SU-2021:1947-1
SUSE-SU-2021_14704-1
USN-4650-1
USN-8412-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Qemu
Red Hat
Rocky Linux
Suse
Ubuntu