CVE-2019-12068

Source
https://nvd.nist.gov/vuln/detail/CVE-2019-12068
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-12068.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-12068
Related
Published
2019-09-24T20:15:11Z
Modified
2024-04-30T00:38:43Z
Severity
  • 3.8 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L CVSS Calculator
Summary
[none]
Details

In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsiexecutescript(), the LSI scsi adapter emulator advances 's->dsp' index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well.

References

Affected packages

Debian:11 / qemu

Package

Name
qemu
Purl
pkg:deb/debian/qemu?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:4.1-2

Ecosystem specific

{
    "urgency": "low"
}

Debian:12 / qemu

Package

Name
qemu
Purl
pkg:deb/debian/qemu?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:4.1-2

Ecosystem specific

{
    "urgency": "low"
}

Debian:13 / qemu

Package

Name
qemu
Purl
pkg:deb/debian/qemu?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:4.1-2

Ecosystem specific

{
    "urgency": "low"
}