Denial of service in QEMU in F5 Networks BIG-IP products
| Risk | Medium |
| Patch available | NO |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2020-25084 |
| CWE-ID | CWE-416 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #1 is available. |
| Vulnerable software |
BIG-IP SSLO Hardware solutions / Firmware BIG-IP DDHD Hardware solutions / Firmware BIG-IP Hardware solutions / Firmware BIG-IP PEM Hardware solutions / Security hardware applicances BIG-IP GTM Hardware solutions / Security hardware applicances BIG-IP FPS Hardware solutions / Security hardware applicances BIG-IP ASM Hardware solutions / Security hardware applicances BIG-IP APM Hardware solutions / Security hardware applicances BIG-IP Analytics Hardware solutions / Security hardware applicances BIG-IP AFM Hardware solutions / Security hardware applicances BIG-IP LTM Hardware solutions / Security hardware applicances BIG-IP Link Controller Hardware solutions / Routers & switches, VoIP, GSM, etc BIG-IP DNS Hardware solutions / Routers & switches, VoIP, GSM, etc BIG-IP AAM Hardware solutions / Routers & switches, VoIP, GSM, etc BIG-IP Advanced WAF Client/Desktop applications / Antivirus software/Personal firewalls |
| Vendor | F5 Networks |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
1) Use-after-free
EUVDB-ID: #VU46790
Risk: Medium
CVSSv4.0: 5.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Green]
CVE-ID: CVE-2020-25084
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error in USB(xHCI/eHCI) controller emulators of QEMU in hw/usb/hcd-xhci.c and hw/usb/hcd-ehci.c files when processing USB packets. A remote user on the guest operating system can send specially crafted data to the controller, trigger a use-after-free error and crash the QEMU process.
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsBIG-IP SSLO: 11.6.1 - 16.0.1
BIG-IP PEM: 11.6.1 HF1 - 16.0.1
BIG-IP Link Controller: 11.6.1 HF1 - 16.0.1
BIG-IP GTM: 11.6.1 HF1 - 16.0.1
BIG-IP FPS: 11.6.1 - 16.0.1
BIG-IP DNS: 11.6.1 - 16.0.1
BIG-IP DDHD: 11.6.1 - 16.0.1
BIG-IP ASM: 11.6.1 HF1 - 16.0.1
BIG-IP APM: 11.6.1 HF1 - 16.0.1
BIG-IP Analytics: 11.6.1 HF1 - 16.0.1
BIG-IP AFM: 11.6.1 HF1 - 16.0.1
BIG-IP Advanced WAF: 11.6.1 - 16.0.1
BIG-IP AAM: 11.6.1 HF1 - 16.0.1
BIG-IP LTM: 11.6.1 HF1 - 16.0.1
BIG-IP: 11.6.1 HF1 - 16.0.1
CPE2.3- cpe:2.3:h:f5_networks:big-ip_sslo:11.6.1:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_sslo:11.6.2 HF1:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_sslo:11.6.2:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_pem:11.6.1 HF1:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_pem:11.6.1:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_pem:11.6.2 HF1:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_link_controller:11.6.1 HF1:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_link_controller:11.6.1:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_link_controller:11.6.2 HF1:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_gtm:11.6.1 HF1:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_fps:11.6.1:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_dns:11.6.1:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_ddhd:11.6.1:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_asm:11.6.1 HF1:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_apm:11.6.1:HF1:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_analytics:11.6.1 HF1:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_afm:11.6.1:HF1:*:*:*:*:*:*
- cpe:2.3:a:f5_networks:big-ip_advanced_waf:11.6.1:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_aam:11.6.1:HF1:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_ltm:11.6.1 HF1:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip:11.6.5.2:*:*:*:*:*:*:*
https://support.f5.com/csp/article/K41301038
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
