CVE-2020-14364
Severity: MEDIUM
QEMU < 5.2.0 - Out-of-bounds Read/Write in USB Emulator
Title source: LLM
Exploitation Summary
EIP tracks 2 public exploits for CVE-2020-14364. PoCs published by gejian-iscas, y-f00l.
AI-analyzed exploit summary
This PoC exploits CVE-2020-14364, a memory leak vulnerability in the Linux kernel's USB subsystem, to leak kernel memory addresses. It uses MMIO operations and USB device manipulation to trigger the vulnerability and extract sensitive information.
Description
An out-of-bounds read/write access flaw was found in the USB emulator of QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when the USBDevice's 'setup_len' exceeds the size of its 'data_buf[4096]' in the do_token_in and do_token_out routines. This flaw allows a guest user to crash the QEMU process, resulting in a denial of service, or potentially to execute arbitrary code with the privileges of the QEMU process on the host.
Exploits (2)
This is a Linux kernel module exploit for CVE-2020-14364, targeting a use-after-free vulnerability in the UHCI USB controller emulation in QEMU. The exploit leverages DMA operations to achieve arbitrary read/write primitives and ultimately executes a system() call via a fake timer structure.
References (12)
Scores
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L