A divide-by-zero flaw was found in QEMU in the dwc-hsotg (dwc2) USB host controller emulation. More specifically, HCCHAR_MPS was read from a device register and later used as a divisor without performing a sanity check. This flaw allows a malicious or buggy guest to crash the QEMU process on the host, resulting in a denial of service.
bugzilla.redhat.com/show_bug.cgi?id=1890653
git.qemu.org/?p=qemu.git;a=commit;h=bea2a9e3e00b275dc40cfa09c760c715b8753e03
lists.nongnu.org/archive/html/qemu-devel/2020-10/msg04263.html
security-tracker.debian.org/tracker/CVE-2020-27661
security.netapp.com/advisory/ntap-20210720-0010/
www.mail-archive.com/[email protected]/msg1770368.html