Lucene search

K
f5F5F5:K09081535
HistoryDec 15, 2020 - 12:00 a.m.

K09081535 : QEMU vulnerability CVE-2020-14364

2020-12-1500:00:00
my.f5.com
27
qemu
vulnerability
usb emulator
out-of-bounds
denial of service
arbitrary code
big-ip
vcmp

AI Score

6.2

Confidence

High

EPSS

0.001

Percentile

30.2%

Security Advisory Description

An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice ‘setup_len’ exceeds its ‘data_buf[4096]’ in the do_token_in, do_token_out routines. This flaw allows a guest user to crash the QEMU process, resulting in a denial of service, or the potential execution of arbitrary code with the privileges of the QEMU process on the host. (CVE-2020-14364)

Impact

A local attacker may be able to cause a denial of service (DoS) or execute arbitrary code on the host. This issue affects all BIG-IP platforms that support Virtual Clustered Multiprocessing (vCMP).