CVE-2019-12068

In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances 's->dsp' index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well.

Published: Sep 24, 2019
Updated: Apr 13, 2023
CVE: CVE-2019-12068
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 3.8
AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L

CVSS v2:

Severity: Low
Score: 2.1
AV:L/AC:L/Au:N/C:N/I:N/A:P

CWEs:

CWE-835

Affected Software
References

Software	From	Fixed in
qemu / qemu	1-4.1-1	1-4.1-1.x
qemu / qemu	1-2.1+dfsg-12+deb8u6	1-2.1+dfsg-12+deb8u6.x
qemu / qemu	1-2.8+dfsg-6+deb9u8	1-2.8+dfsg-6+deb9u8.x
qemu / qemu	1-3.1+dfsg-8+deb10u2	1-3.1+dfsg-8+deb10u2.x
qemu / qemu	1-3.1+dfsg-8~deb10u1	1-3.1+dfsg-8~deb10u1.x
canonical / ubuntu_linux	16.04	16.04.x
canonical / ubuntu_linux	18.04	18.04.x
opensuse / leap	15.0	15.0.x
canonical / ubuntu_linux	19.04	19.04.x
canonical / ubuntu_linux	14.04	14.04.x
opensuse / leap	15.1	15.1.x
canonical / ubuntu_linux	19.10	19.10.x

Vulnerability Database

CVE-2019-12068