14 lines
1.4 KiB
JSON
14 lines
1.4 KiB
JSON
{
|
|
"id": "openEuler-SA-2022-1918",
|
|
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1918",
|
|
"title": "An update for qemu is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
|
|
"severity": "Low",
|
|
"description": "QEMU is a FAST! processor emulator using dynamic translation to achieve good emulation speed.\n\n\t\tQEMU has two operating modes:\n\n\t\tFull system emulation. In this mode, QEMU emulates a full system (for example a PC),\n\t\tincluding one or several processors and various peripherals. It can be used to launch\n\t\tdifferent Operating Systems without rebooting the PC or to debug system code.\n\n\t\tUser mode emulation. In this mode, QEMU can launch processes compiled for one CPU on another CPU.\n\t\tIt can be used to launch the Wine Windows API emulator (https://www.winehq.org) or to ease\n\t\tcross-compilation and cross-debugging.\n\t\tYou can refer to https://www.qemu.org for more infortmation.\n\r\n\r\nSecurity Fix(es):\r\n\r\nAn infinite loop flaw was found in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Block (TRB) Ring. This flaw allows a privileged guest user to hang the QEMU process on the host, resulting in a denial of service.(CVE-2020-14394)",
|
|
"cves": [
|
|
{
|
|
"id": "CVE-2020-14394",
|
|
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14394",
|
|
"severity": "Low"
|
|
}
|
|
]
|
|
} |