Lucene search

K
osvGoogleOSV:USN-4511-1
HistorySep 17, 2020 - 11:10 a.m.

qemu vulnerability

2020-09-1711:10:51
Google
osv.dev
14
qemu
usb packets
denial of service
arbitrary code execution
libvirt
apparmor profile

AI Score

7.1

Confidence

High

EPSS

0.001

Percentile

30.2%

Ziming Zhang, Xiao Wei, Gonglei Arei, and Yanyu Zhang discovered that QEMU
incorrectly handled certain USB packets. An attacker inside the guest could
use this issue to cause QEMU to crash, resulting in a denial of service, or
possibly execute arbitrary code on the host. In the default installation,
when QEMU is used with libvirt, attackers would be isolated by the libvirt
AppArmor profile.