CVE-2020-14394

LOW

QEMU - Infinite Loop

Description

An infinite loop flaw was found in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Block (TRB) Ring. This flaw allows a privileged guest user to hang the QEMU process on the host, resulting in a denial of service.

Scores

CVSS v3 3.2
EPSS 0.0003
EPSS Percentile 7.1%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L

Details

CWE
CWE-835
Status published
Products (11)
fedoraproject/extra_packages_for_enterprise_linux 7.0
fedoraproject/fedora 33
fedoraproject/fedora 37
qemu/qemu 6.1.50
redhat/enterprise_linux 5.0
redhat/enterprise_linux 6.0
redhat/enterprise_linux 7.0
redhat/enterprise_linux 8.0
redhat/enterprise_linux 9.0
redhat/openstack_platform 10.0
... and 1 more
Published Aug 17, 2022
Tracked Since Feb 18, 2026