CVE-2019-12068

Published: 24 September 2019

In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances 's->dsp' index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well.

From the Ubuntu security team

It was discovered that the LSI SCSI adapter emulator implementation in QEMU did not properly validate executed scripts. A local attacker could use this to cause a denial of service.

Priority

Low

CVSS 3 base score: 3.8

Status

Package Release Status
qemu
Launchpad, Ubuntu, Debian
Upstream
Released (1:4.1-2)
Ubuntu 21.04 (Hirsute Hippo)
Released (1:4.2-1ubuntu1)
Ubuntu 20.10 (Groovy Gorilla)
Released (1:4.2-1ubuntu1)
Ubuntu 20.04 LTS (Focal Fossa)
Released (1:4.2-1ubuntu1)
Ubuntu 18.04 LTS (Bionic Beaver)
Released (1:2.11+dfsg-1ubuntu7.20)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (1:2.5+dfsg-5ubuntu10.42)
Ubuntu 14.04 ESM (Trusty Tahr)
Released (2.0.0+dfsg-2ubuntu1.47)
Patches:
Upstream: https://git.qemu.org/?p=qemu.git;a=commit;h=de594e47659029316bbf9391efb79da0a1a08e08
qemu-kvm
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 21.04 (Hirsute Hippo) Does not exist

Ubuntu 20.10 (Groovy Gorilla) Does not exist

Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist