Description
A divide-by-zero issue was found in dwc2_handle_packet in hw/usb/hcd-dwc2.c in the hcd-dwc2 USB host controller emulation of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service.
References
https://bugzilla.redhat.com/show_bug.cgi?id=1890653
Issue TrackingPatchThird Party Advisory
https://lists.nongnu.org/archive/html/qemu-devel/2020-10/msg04263.html
Mailing ListPatchThird Party Advisory
https://security.netapp.com/advisory/ntap-20210720-0010/
Third Party Advisory
CVSS impact metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
6.5 · Medium
CVSS V3.1
CVSS V3.0
CVSS V2.0
Information
Source identifier
Vulnerability status
Modified
Published
2021-06-02T16:15:08.320
4 years agoLast modified
2023-11-07T03:20:58.273
1 year ago