CVE-2019-12068

Name: CVE-2019-12068
Description: In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances 's->dsp' index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
References: DLA-1927-1
NVD severity: medium

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package  Release                      Version                Status
qemu (PTS)      jessie                       1:2.1+dfsg-12+deb8u6   vulnerable
                jessie (security)            1:2.1+dfsg-12+deb8u12  fixed
                stretch (security), stretch  1:2.8+dfsg-6+deb9u8    vulnerable
                buster                       1:3.1+dfsg-8~deb10u1   vulnerable
                buster (security)            1:3.1+dfsg-8+deb10u2   vulnerable
                bullseye, sid                1:4.1-1                vulnerable

The information below is based on the following data on fixed versions.

Package   Type    Release     Fixed Version          Urgency  Origin      Debian Bugs
qemu      source  (unstable)  (unfixed)              low
qemu      source  jessie      1:2.1+dfsg-12+deb8u12           DLA-1927-1
qemu-kvm  source  (unstable)  (unfixed)

Notes

[buster] - qemu <postponed> (Minor issue, can be fixed along in future update)
[stretch] - qemu <postponed> (Minor issue, can be fixed along in future update)
https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01518.html
https://git.qemu.org/?p=qemu.git;a=commit;h=de594e47659029316bbf9391efb79da0a1a08e08
