qemu -- denial of service vulnerability in USB EHCI emulation support
Prasad J Pandit, Red Hat Product Security Team, reports:
Qemu emulator built with the USB EHCI emulation support is
vulnerable to an infinite loop issue. It occurs during communication
between host controller interface(EHCI) and a respective device
driver. These two communicate via a isochronous transfer descriptor
list(iTD) and an infinite loop unfolds if there is a closed loop in
A privileges user inside guest could use this flaw to consume
excessive CPU cycles & resources on the host.
Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright