CVE-2020-25624 — Out-of-bounds Read in Qemu
Severity
5.0MEDIUMNVD
OSV6.3
EPSS
0.0%
top 90.22%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedNov 30
Latest updateMay 24
Description
hw/usb/hcd-ohci.c in QEMU 5.0.0 has a stack-based buffer over-read via values obtained from the host controller driver.
CVSS vector
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:LExploitability: 0.8 | Impact: 3.7
Affected Packages4 packages
Also affects: Debian Linux 10.0
Patches
🔴Vulnerability Details
3📋Vendor Advisories
3💬Community
3Bugzilla▶
CVE-2020-25624 qemu: usb: hcd-ohci: out-of-bound access issue while processing transfer descriptors [fedora-all]↗2020-09-17
Bugzilla▶
CVE-2020-25624 QEMU: usb: hcd-ohci: out-of-bound access issue while processing transfer descriptors↗2020-09-17
Bugzilla▶
CVE-2020-25624 xen: QEMU: usb: hcd-ohci: out-of-bound access issue while processing transfer descriptors [fedora-all]↗2020-09-17