CVE-2020-14394 : An infinite loop flaw was found in the USB xHCI controller emulation of QEMU whi

An infinite loop flaw was found in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Block (TRB) Ring. This flaw allows a privileged guest user to hang the QEMU process on the host, resulting in a denial of service.

Published 2022-08-17 21:15:08

Updated 2023-03-15 00:15:10

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2020-14394

Redhat » Enterprise Linux » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux » Version: 5.0
cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux » Version: 8.0
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux » Version: 9.0
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
Matching versions
Redhat » Openstack Platform » Version: 10.0
cpe:2.3:a:redhat:openstack_platform:10.0:*:*:*:*:*:*:*
Matching versions
Redhat » Openstack Platform » Version: 13.0
cpe:2.3:a:redhat:openstack_platform:13.0:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 33
cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 37
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Extra Packages For Enterprise Linux » Version: 7.0
cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:7.0:*:*:*:*:*:*:*
Matching versions
Qemu » Qemu » Version: 6.1.50
cpe:2.3:a:qemu:qemu:6.1.50:*:*:*:*:*:*:*
Matching versions

Threat overview for CVE-2020-14394

Top countries where our scanners detected CVE-2020-14394

Top open port discovered on systems with this issue 53

IPs affected by CVE-2020-14394 680,429

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2020-14394!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2020-14394

EPSS FAQ

0.01%

Probability of exploitation activity in the next 30 days EPSS Score History

~ %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2020-14394

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
3.2	LOW	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L	1.5	1.4	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Changed Confidentiality: None Integrity: None Availability: Low

CWE ids for CVE-2020-14394

CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
Assigned by:
- nvd@nist.gov (Primary)
- secalert@redhat.com (Secondary)

References for CVE-2020-14394

https://bugzilla.redhat.com/show_bug.cgi?id=1908004

Exploit;Issue Tracking;Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I7J5IRXJYLELW7D43A75LOWRUE5EU54O/

[SECURITY] Fedora 37 Update: qemu-7.0.0-12.fc37 - package-announce - Fedora Mailing-Lists
Mailing List;Third Party Advisory

CVEs referencing this url
https://lists.debian.org/debian-lts-announce/2023/03/msg00013.html

[SECURITY] [DLA 3362-1] qemu security update

CVEs referencing this url
https://gitlab.com/qemu-project/qemu/-/issues/646

Infinite loop in xhci_ring_chain_length() in hw/usb/hcd-xhci.c (CVE-2020-14394) (#646) · Issues · QEMU / QEMU · GitLab
Exploit;Issue Tracking;Patch;Third Party Advisory