Vulnerabilities > CVE-2020-25723 - Reachable Assertion vulnerability in multiple products

047910
CVSS 3.2 - LOW
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
HIGH
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
LOW
local
low complexity
qemu
debian
CWE-617

Summary

A reachable assertion issue was found in the USB EHCI emulation code of QEMU. It could occur while processing USB requests due to missing handling of DMA memory map failure. A malicious privileged user within the guest may abuse this flaw to send bogus USB requests and crash the QEMU process on the host, resulting in a denial of service.

Vulnerable Configurations

Part Description Count
Application
Qemu
335
OS
Debian
1

Common Weakness Enumeration (CWE)