CVE-2020-14364

An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice 'setuplen' exceeds its 'databuf[4096]' in the dotokenin, dotokenout routines. This flaw allows a guest user to crash the QEMU process, resulting in a denial of service, or the potential execution of arbitrary code with the privileges of the QEMU process on the host.

References

Affected packages

Git / github.com/qemu/qemu

Affected ranges

Type

GIT

Repo

https://github.com/qemu/qemu

Events

Introduced

Fixed

553032db17440f8de011390e5a1cfddd13751b0b

Introduced

Last affected

609d7596524ab204ccd71ef42c9eee4c7c338ea4

Introduced

Last affected

823a3f11fb8f04c3c3cc0f95f968fef1bfc6534f

Introduced

Last affected

c1eb2ddf0f8075faddc5f7c3d39feae3e8e9d6b4

Introduced

Last affected

c1eb2ddf0f8075faddc5f7c3d39feae3e8e9d6b4

Introduced

Last affected

c25df57ae8f9fe1c72eee2dab37d76d904ac382e

Introduced

Last affected

7c949c53e936aa3a658d84ab53bae5cadaa5d59c

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "5.2.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "6.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "8.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "8.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "10.0"
        }
    ]
}

Affected versions

v0.*

v0.1.0

v0.1.1

v0.1.3

v0.1.4

v0.1.5

v0.1.6

v0.11.0-rc0

v0.12.0-rc0

v0.13.0-rc0

v0.14.0-rc0

v0.15.0-rc0

v0.2.0

v0.3.0

v0.4.0

v0.4.1

v0.4.2

v0.4.3

v0.4.4

v0.5.0

v1.*

v1.0

v1.0-rc0

v1.0-rc1

v1.0-rc2

v1.0-rc3

v1.0-rc4

v1.1-rc0

v1.1-rc1

v1.1-rc2

v1.1.0

v1.1.0-rc2

v1.1.0-rc3

v1.1.0-rc4

v1.2.0

v1.2.0-rc0

v1.2.0-rc1

v1.2.0-rc2

v1.2.0-rc3

v1.3.0

v1.3.0-rc0

v1.3.0-rc1

v1.3.0-rc2

v1.4.0

v1.4.0-rc0

v1.4.0-rc1

v1.4.0-rc2

v1.5.0

v1.5.0-rc0

v1.5.0-rc1

v1.5.0-rc2

v1.5.0-rc3

v1.6.0

v1.6.0-rc0

v1.6.0-rc1

v1.6.0-rc2

v1.6.0-rc3

v1.7.0

v1.7.0-rc0

v1.7.0-rc1

v1.7.0-rc2

v2.*

v2.0.0

v2.0.0-rc0

v2.0.0-rc1

v2.0.0-rc2

v2.0.0-rc3

v2.1.0

v2.1.0-rc0

v2.1.0-rc1

v2.1.0-rc2

v2.1.0-rc3

v2.1.0-rc4

v2.1.0-rc5

v2.10.0

v2.10.0-rc0

v2.10.0-rc1

v2.10.0-rc2

v2.10.0-rc3

v2.10.0-rc4

v2.11.0

v2.11.0-rc0

v2.11.0-rc1

v2.11.0-rc2

v2.11.0-rc3

v2.11.0-rc4

v2.11.0-rc5

v2.12.0

v2.12.0-rc0

v2.12.0-rc1

v2.12.0-rc2

v2.12.0-rc3

v2.12.0-rc4

v2.2.0

v2.2.0-rc0

v2.2.0-rc1

v2.2.0-rc2

v2.2.0-rc3

v2.2.0-rc4

v2.2.0-rc5

v2.3.0

v2.3.0-rc0

v2.3.0-rc1

v2.3.0-rc2

v2.3.0-rc3

v2.3.0-rc4

v2.4.0

v2.4.0-rc0

v2.4.0-rc1

v2.4.0-rc2

v2.4.0-rc3

v2.4.0-rc4

v2.5.0

v2.5.0-rc0

v2.5.0-rc1

v2.5.0-rc2

v2.5.0-rc3

v2.5.0-rc4

v2.6.0

v2.6.0-rc0

v2.6.0-rc1

v2.6.0-rc2

v2.6.0-rc3

v2.6.0-rc4

v2.6.0-rc5

v2.7.0

v2.7.0-rc0

v2.7.0-rc1

v2.7.0-rc2

v2.7.0-rc3

v2.7.0-rc4

v2.7.0-rc5

v2.8.0

v2.8.0-rc0

v2.8.0-rc1

v2.8.0-rc2

v2.8.0-rc3

v2.8.0-rc4

v2.9.0

v2.9.0-rc0

v2.9.0-rc1

v2.9.0-rc2

v2.9.0-rc3

v2.9.0-rc4

v2.9.0-rc5

v3.*

v3.0.0

v3.0.0-rc0

v3.0.0-rc1

v3.0.0-rc2

v3.0.0-rc3

v3.0.0-rc4

v3.1.0

v3.1.0-rc0

v3.1.0-rc1

v3.1.0-rc2

v3.1.0-rc3

v3.1.0-rc4

v3.1.0-rc5

v4.*

v4.0.0

v4.0.0-rc0

v4.0.0-rc1

v4.0.0-rc2

v4.0.0-rc3

v4.0.0-rc4

v4.1.0

v4.1.0-rc0

v4.1.0-rc1

v4.1.0-rc2

v4.1.0-rc3

v4.1.0-rc4

v4.1.0-rc5

v4.2.0

v4.2.0-rc0

v4.2.0-rc1

v4.2.0-rc2

v4.2.0-rc3

v4.2.0-rc4

v4.2.0-rc5

v5.*

v5.0.0

v5.0.0-rc0

v5.0.0-rc1

v5.0.0-rc2

v5.0.0-rc3

v5.0.0-rc4

v5.1.0

v5.1.0-rc0

v5.1.0-rc1

v5.1.0-rc2

v5.1.0-rc3

v5.2.0-rc0

v5.2.0-rc1

v5.2.0-rc2

v5.2.0-rc3

v5.2.0-rc4

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-14364.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "10"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "13"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "31"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "32"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "15.2"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "16.04"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "18.04"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "20.04"
            }
        ]
    }
]