CVE-2020-27661

MEDIUM

QEMU - DoS

Title source: llm

Description

A divide-by-zero issue was found in dwc2_handle_packet in hw/usb/hcd-dwc2.c in the hcd-dwc2 USB host controller emulation of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service.

References (5)

[Issue Tracking, Patch, Third Party Advisory] https://bugzilla.redhat.com/show_bug.cgi?id=1890653

[Patch] https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=bea2a9e3e00b275dc40cfa09c760c715b8753e03

[Mailing List, Patch, Third Party Advisory] https://lists.nongnu.org/archive/html/qemu-devel/2020-10/msg04263.html

[Third Party Advisory] https://security.netapp.com/advisory/ntap-20210720-0010/

[Mailing List] https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1770368.html

Scores

CVSS v3 6.5

EPSS 0.0013

EPSS Percentile 32.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Classification

CWE

CWE-369

Status published

Affected Products (1)

qemu/qemu < 5.1.1

Timeline

Published Jun 02, 2021

Tracked Since Feb 18, 2026