The xhci_kick_epctx function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors related to control transfer descriptor sequence.
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Qemu | Qemu | * | 2.8.1.1 (including) |
| Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7 | RedHat | qemu-kvm-rhev-10:2.9.0-10.el7 | * |
| Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7 | RedHat | qemu-kvm-rhev-10:2.9.0-10.el7 | * |
| Red Hat OpenStack Platform 10.0 (Newton) | RedHat | qemu-kvm-rhev-10:2.9.0-10.el7 | * |
| Red Hat OpenStack Platform 11.0 (Ocata) | RedHat | qemu-kvm-rhev-10:2.9.0-10.el7 | * |
| Red Hat OpenStack Platform 8.0 (Liberty) | RedHat | qemu-kvm-rhev-10:2.9.0-10.el7 | * |
| Red Hat OpenStack Platform 9.0 (Mitaka) | RedHat | qemu-kvm-rhev-10:2.9.0-10.el7 | * |
| Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 | RedHat | qemu-kvm-rhev-10:2.9.0-14.el7 | * |
| Qemu | Ubuntu | trusty | * |
| Qemu | Ubuntu | xenial | * |
| Qemu | Ubuntu | yakkety | * |
| Qemu-kvm | Ubuntu | precise | * |
| Qemu-kvm | Ubuntu | precise/esm | * |