{"id":"CVE-2014-5263","details":"vmstate_xhci_event in hw/usb/hcd-xhci.c in QEMU 1.6.0 does not terminate the list with the VMSTATE_END_OF_LIST macro, which allows attackers to cause a denial of service (out-of-bounds access, infinite loop, and memory corruption) and possibly gain privileges via unspecified vectors.","modified":"2026-04-16T01:48:47.983300294Z","published":"2014-08-26T14:55:06Z","withdrawn":"2026-01-27T04:12:52.547395Z","references":[{"type":"ADVISORY","url":"http://www.ubuntu.com/usn/USN-2409-1"},{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2014/08/04/1"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1126543"},{"type":"WEB","url":"http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=3afca1d6d413592c2b78cf28f52fa24a586d8f56"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2014/08/16/1"}],"schema_version":"1.7.3"}