CVE-2020-14394

🗓️ 17 Aug 2022 00:00:00Reported by redhatType

cve🔗 web.nvd.nist.gov📰️ 2 Media mentions👁 153 Views

An infinite loop flaw in QEMU USB xHCI controller emulation allows a privileged guest to hang the host process, leading to denial of service

Reporter	Title	Published	Views	Family All 86
AstraLinux	Astra Linux - уязвимость в qemu	20 May 202605:53	–	astralinux
Circl	CVE-2020-14394	18 Aug 202200:40	–	circl
CNNVD	QEMU 安全漏洞	17 Aug 202200:00	–	cnnvd
Cvelist	CVE-2020-14394	17 Aug 202200:00	–	cvelist
Debian	[SECURITY] [DLA 3362-1] qemu security update	14 Mar 202321:01	–	debian
Debian CVE	CVE-2020-14394	17 Aug 202200:00	–	debiancve
Tenable Nessus	Debian dla-3362 : qemu - security update	15 Mar 202300:00	–	nessus
Tenable Nessus	EulerOS Virtualization 2.10.0 : qemu (EulerOS-SA-2022-2925)	4 Jan 202300:00	–	nessus
Tenable Nessus	EulerOS Virtualization 2.10.1 : qemu (EulerOS-SA-2022-2951)	28 Dec 202200:00	–	nessus
Tenable Nessus	EulerOS Virtualization 2.9.1 : qemu (EulerOS-SA-2023-1212)	11 Jan 202300:00	–	nessus

NVD

Vulners

Node

qemu qemuMatch6.1.50

Node

fedoraproject extra_packages_for_enterprise_linuxMatch7.0

fedoraproject fedoraMatch33

fedoraproject fedoraMatch37

Node

redhat openstack_platformMatch10.0

redhat openstack_platformMatch13.0

redhat enterprise_linuxMatch5.0

redhat enterprise_linuxMatch6.0

redhat enterprise_linuxMatch7.0

redhat enterprise_linuxMatch8.0

redhat enterprise_linuxMatch9.0

[
  {
    "vendor": "n/a",
    "product": "QEMU",
    "versions": [
      {
        "version": "QEMU 6.1.50",
        "status": "affected"
      }
    ]
  }
]

Source	Link
lists	www.lists.debian.org/debian-lts-announce/2023/03/msg00013.html
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I7J5IRXJYLELW7D43A75LOWRUE5EU54O/
gitlab	www.gitlab.com/qemu-project/qemu/-/issues/646

21 Nov 2024 05:03Current

5.2Medium risk

Vulners AI Score5.2

CVSS 3.13.2

EPSS0.00025

CWE-835