vulnerability
Arch Linux: Denial of service (CVE-2020-25625)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:L/AC:M/Au:N/C:N/I:N/A:C) | Sep 25, 2020 | Jul 11, 2025 | Nov 27, 2025 |
Severity
5
CVSS
(AV:L/AC:M/Au:N/C:N/I:N/A:C)
Published
Sep 25, 2020
Added
Jul 11, 2025
Modified
Nov 27, 2025
Description
An infinite loop issue was found in the USB OHCI controller emulator of QEMU before version 5.2.0. It could occur while servicing OHCI isochronous transfer descriptors (TD) in ohci_service_iso_td routine, as it retires a TD if it has passed its time frame. While doing so it does not check if the TD was already processed ones and holds an error code in TD_CC. It may happen if the TD list has a loop.
A guest user/process may use this flaw to consume cpu cycles on the host resulting in a DoS scenario.
A guest user/process may use this flaw to consume cpu cycles on the host resulting in a DoS scenario.
Solution
arch-linux-upgrade-latest
References
- CVE-2020-25625
- https://attackerkb.com/topics/CVE-2020-25625
- URL-http://www.openwall.com/lists/oss-security/2020/09/17/1
- URL-https://lists.debian.org/debian-lts-announce/2020/11/msg00047.html
- URL-https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html
- URL-https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg05905.html
- URL-https://security.archlinux.org/ASA-202012-26
- URL-https://security.netapp.com/advisory/ntap-20201009-0005/
- CWE-835
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.