CVE-2020-25624 – hw/usb/hcd-ohci.c in QEMU 5.0.0 has a stack-based buffer over-read via va

hw/usb/hcd-ohci.c in QEMU 5.0.0 has a stack-based buffer over-read via values obtained from the host controller driver.

 

Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25624

Reference (s):

• https://security.netapp.com/advisory/ntap-20201210-0005/
• https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg05492.html