Qemu: usb: infinite loop while doing control transfer in xhci_kick_epctx

🗓️ 01 Aug 2017 21:17:55Reported by RedHatType

redhat

redhat🔗 access.redhat.com👁 2 Views

QEMU USB controller issue where privileged guests can crash QEMU via control transfer descriptor loops.

Reporter	Title	Published	Views	Family All 98
CNVD	QEMU 'hw/usb/hcd-xhci.c' Denial of Service Vulnerability	17 Feb 201700:00	–	cnvd
CVE	CVE-2017-5973	27 Mar 201715:00	–	cve
Cvelist	CVE-2017-5973	27 Mar 201715:00	–	cvelist
Debian	[SECURITY] [DLA 1497-1] qemu security update	6 Sep 201818:49	–	debian
Debian	[SECURITY] [DLA 842-1] qemu-kvm security update	28 Feb 201722:09	–	debian
Debian	[SECURITY] [DLA 845-1] qemu security update	1 Mar 201719:51	–	debian
Debian CVE	CVE-2017-5973	27 Mar 201715:00	–	debiancve
Tenable Nessus	Debian DLA-1497-1 : qemu security update (Spectre)	7 Sep 201800:00	–	nessus
Tenable Nessus	Debian DLA-842-1 : qemu-kvm security update	1 Mar 201700:00	–	nessus
Tenable Nessus	Debian DLA-845-1 : qemu security update	2 Mar 201700:00	–	nessus

OS	OS Version	Architecture	Package	Package Version	Filename
Red Hat Enterprise Linux	7	x86_64	qemu-img-rhev	10:2.9.0-10.el7	qemu-img-rhev-10:2.9.0-10.el7.x86_64.rpm
Red Hat Enterprise Linux	7	x86_64	qemu-kvm-common-rhev	10:2.9.0-10.el7	qemu-kvm-common-rhev-10:2.9.0-10.el7.x86_64.rpm
Red Hat Enterprise Linux	7	x86_64	qemu-kvm-rhev	10:2.9.0-10.el7	qemu-kvm-rhev-10:2.9.0-10.el7.x86_64.rpm
Red Hat Enterprise Linux	7	x86_64	qemu-kvm-rhev-debuginfo	10:2.9.0-10.el7	qemu-kvm-rhev-debuginfo-10:2.9.0-10.el7.x86_64.rpm
Red Hat Enterprise Linux	7	x86_64	qemu-kvm-tools-rhev	10:2.9.0-10.el7	qemu-kvm-tools-rhev-10:2.9.0-10.el7.x86_64.rpm

Source	Link
access	www.access.redhat.com/security/cve/CVE-2017-5973
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
nvd	www.nvd.nist.gov/vuln/detail/CVE-2017-5973
cve	www.cve.org/CVERecord

13 May 2026 01:49Current

7.3High risk

Vulners AI Score7.3

CVSS 22.1

CVSS 3.15.5

EPSS0.00456

usb controller control transfer denial of service privileged guest