Denial of Service Vulnerability in QEMU's xhci_ring_fetch Function

Denial of Service Vulnerability in QEMU's xhci_ring_fetch Function

CVE-2016-8576 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

The xhci_ring_fetch function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging failure to limit the number of link Transfer Request Blocks (TRB) to process.

Learn more about our Web Application Penetration Testing UK.