99 matches found
kernel: xhci: Remove device endpoints from bandwidth list when freeing the device
A null pointer/list corruption flaw was found in the Linux kernel USB xHCI host controller code. When the xHCI host is dying or being removed, some device endpoints may remain on the software bandwidth list. Later cleanup deletes entries that were already freed, corrupting the list and crashing t...
SUSE CVE-2023-4010
A flaw was found in the USB Host Controller Driver framework in the Linux kernel. The usbgivebackurb function has a logic loophole in its implementation. Due to the inappropriate judgment condition of the goto statement, the function cannot return under the input of a specific malformed descripto...
CVE-2023-4010
A flaw was found in the USB Host Controller Driver framework in the Linux kernel. The usbgivebackurb function has a logic loophole in its implementation. Due to the inappropriate judgment condition of the goto statement, the function cannot return under the input of a specific malformed descripto...
CVE-2023-4010
A flaw was found in the USB Host Controller Driver framework in the Linux kernel. The usbgivebackurb function has a logic loophole in its implementation. Due to the inappropriate judgment condition of the goto statement, the function cannot return under the input of a specific malformed descripto...
CVE-2023-4010 Kernel: usb: hcd: malformed usb descriptor leads to infinite loop in usb_giveback_urb()
A flaw was found in the USB Host Controller Driver framework in the Linux kernel. The usbgivebackurb function has a logic loophole in its implementation. Due to the inappropriate judgment condition of the goto statement, the function cannot return under the input of a specific malformed descripto...
kernel: usb: xhci_plat_remove: avoid NULL dereference
In the Linux kernel, the following vulnerability has been resolved: usb: xhciplatremove: avoid NULL dereference Since commit 4736ebd7fcaff1eb8481c140ba494962847d6e0a "usb: host: xhci-plat: omit shared hcd if either root hub has no ports" xhci-sharedhcd can be NULL, which causes the following Oops...
SUSE CVE-2014-5263
vmstatexhcievent in hw/usb/hcd-xhci.c in QEMU 1.6.0 does not terminate the list with the VMSTATEENDOFLIST macro, which allows attackers to cause a denial of service out-of-bounds access, infinite loop, and memory corruption and possibly gain privileges via unspecified vectors...
PT-2023-34856 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.10.165 Description: The issue concerns the xhci component of the Linux Kernel, where an endpoint is not properly validated before being dereferenced. This could potentially lead to security vulnerabilities,...
PT-2025-49731
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel related to out-of-bound memory access within the xhci-dbc driver. Specifically, if the xdbc bulk write function fails, the buffer used by the xdbc trace...
Oracle Linux 7 : qemu (ELSA-2021-9335)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9335 advisory. - e1000: fail early for evil descriptor Jason Wang Orabug: 32560552 CVE-2021-20257 - Document CVE-2020-27661 as fixed Mark Kanda Orabug: 32960200...
A divide-by-zero issue was found in dwc2_handle_packet in hw/usb/hcd-dwc2.c in the hcd-dwc2 USB host controller emulation of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host resulting in a denial of service.
...
QEMU 数字错误漏洞
QEMU Quick Emulator is a set of simulation processor software by Fabrice Bellard, a French individual developer. The software is fast and cross-platform. A code issue vulnerability exists in QEMU, which stems from a found a division by zero issue in the dwc2handlepacket handler package in the...
CVE-2020-27661
A divide-by-zero flaw was found in QEMU in the dwc-hsotg dwc2 USB host controller emulation. More specifically, HCCHARMPS was read from a device register and later used as a divisor without performing a sanity check. This flaw allows a malicious or buggy guest to crash the QEMU process on the hos...
PT-2020-6461
Name of the Vulnerable Software and Affected Versions QEMU version 5.0.0 Description The issue is related to the hw/usb/hcd-ohci.c component in the QEMU hardware emulator, which can lead to an infinite loop when a TD list has a loop. This can cause a denial of service. Recommendations For QEMU...
Qemu: usb: xHCI: infinite loop vulnerability in xhci_ring_fetch
The xhciringfetch function in hw/usb/hcd-xhci.c in QEMU aka Quick Emulator allows local guest OS administrators to cause a denial of service infinite loop and QEMU process crash by leveraging failure to limit the number of link Transfer Request Blocks TRB to process...
UBUNTU-CVE-2017-9330
QEMU aka Quick Emulator before 2.9.0, when built with the USB OHCI Emulation support, allows local guest OS users to cause a denial of service infinite loop by leveraging an incorrect return value, a different vulnerability than CVE-2017-6505...
DEBIAN-CVE-2017-5973
The xhcikickepctx function in hw/usb/hcd-xhci.c in QEMU aka Quick Emulator allows local guest OS privileged users to cause a denial of service infinite loop and QEMU process crash via vectors related to control transfer descriptor sequence...
ALPINE-CVE-2016-7995
Memory leak in the ehciprocessitd function in hw/usb/hcd-ehci.c in QEMU aka Quick Emulator allows local guest OS administrators to cause a denial of service memory consumption via a large number of crafted buffer page select PG indexes...
QEMU 'hw/usb/hcd-ohci.c' Denial of Service Vulnerability
QEMU is a suite of analog processor software. A security vulnerability in QEMU 'hw/usb/hcd-ohci.c' allows attackers to exploit the vulnerability to crash the QEMU process and cause a denial of service...