Vulnerability Details : CVE-2019-12068
In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances 's->dsp' index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well.
Products affected by CVE-2019-12068
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:1\:2.1\+dfsg-12\+deb8u6:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:1\:2.8\+dfsg-6\+deb9u8:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:1\:3.1\+dfsg-8\+deb10u2:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:1\:3.1\+dfsg-8\~deb10u1:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:1\:4.1-1:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-12068
0.11%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 26 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-12068
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
2.1
|
LOW | AV:L/AC:L/Au:N/C:N/I:N/A:P |
3.9
|
2.9
|
NIST | |
|
3.8
|
LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L |
2.0
|
1.4
|
NIST |
CWE ids for CVE-2019-12068
-
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-12068
-
https://usn.ubuntu.com/4191-1/
USN-4191-1: QEMU vulnerabilities | Ubuntu security noticesThird Party Advisory
-
https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01518.html
[Qemu-devel] [PATCH v3 1/2] scsi: lsi: exit infinite loop while executinMailing List;Patch;Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00034.html
[security-announce] openSUSE-SU-2019:2510-1: important: Security updateThird Party Advisory
-
https://git.qemu.org/?p=qemu.git;a=commit;h=de594e47659029316bbf9391efb79da0a1a08e08
git.qemu.org Git - qemu.git/commitMailing List;Vendor Advisory
-
https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html
[SECURITY] [DLA 2288-1] qemu security update
-
https://www.debian.org/security/2020/dsa-4665
Debian -- Security Information -- DSA-4665-1 qemu
-
https://security-tracker.debian.org/tracker/CVE-2019-12068
CVE-2019-12068Third Party Advisory
-
https://usn.ubuntu.com/4191-2/
USN-4191-2: QEMU vulnerabilities | Ubuntu security noticesThird Party Advisory
-
https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html
[SECURITY] [DLA 1927-1] qemu security updateMailing List;Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00038.html
[security-announce] openSUSE-SU-2019:2505-1: important: Security updateThird Party Advisory
Jump to