CVE-2019-12068

low

Description

In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing a script in lsi_execute_script(), the LSI SCSI adapter emulator advances the 's->dsp' index to read the next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well.
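The guard placement described above, shown as an added example: a simplified C model written for this page, not QEMU's code. The names run_script, run_filled, OP_STEP, HARNESS_BUDGET, the 64-dword script memory and the 8-byte step for a real opcode are assumptions made for illustration; only the empty-opcode path, the 's->dsp' advance and the 10k limit come from the description.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_INSN       10000u    /* the 10k iteration limit from the description */
#define SCRIPT_WORDS   64u       /* constructed toy script memory, in dwords */
#define HARNESS_BUDGET 1000000ul /* harness-only cap so the "before" case returns */
#define OP_EMPTY 0u              /* empty opcode, as in the description */
#define OP_STEP  2u              /* constructed stand-in for any real opcode */

enum stop { STOP_LIMIT, STOP_HUNG };

struct model { uint32_t mem[SCRIPT_WORDS]; uint32_t dsp; };

/* guard_at_fetch=false: limit checked only after a real opcode ran (before).
 * guard_at_fetch=true:  limit checked on every fetch, no-ops included (after). */
enum stop run_script(struct model *s, bool guard_at_fetch, unsigned long *fetches)
{
    unsigned insn_processed = 0;
    for (*fetches = 0; *fetches < HARNESS_BUDGET; ) {
        ++*fetches;
        if (guard_at_fetch && ++insn_processed > MAX_INSN)
            return STOP_LIMIT;
        uint32_t insn = s->mem[(s->dsp / 4) % SCRIPT_WORDS];
        if (insn == OP_EMPTY) {
            s->dsp += 4;          /* advance the index and fetch again */
            continue;             /* this path never reaches the late check */
        }
        s->dsp += 8;              /* constructed: "execute" a real opcode */
        if (!guard_at_fetch && ++insn_processed > MAX_INSN)
            return STOP_LIMIT;
    }
    return STOP_HUNG;             /* a real emulator thread would still be spinning */
}

/* Fill the script memory with one opcode value and run it from dsp = 0. */
enum stop run_filled(uint32_t fill, bool guard_at_fetch, unsigned long *fetches)
{
    struct model s = { .dsp = 0 };
    for (unsigned i = 0; i < SCRIPT_WORDS; i++)
        s.mem[i] = fill;
    return run_script(&s, guard_at_fetch, fetches);
}

int main(void)
{
    unsigned long n;
    enum stop r = run_filled(OP_EMPTY, false, &n);
    printf("empty script, late guard:  stop=%d after %lu fetches\n", r, n);
    r = run_filled(OP_EMPTY, true, &n);
    printf("empty script, early guard: stop=%d after %lu fetches\n", r, n);
    return 0;
}
```

With the guard at the fetch, an all-empty script stops after MAX_INSN + 1 fetches; with the late guard, only the harness budget ends the run.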

References

http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00034.html

http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00038.html

https://git.qemu.org/?p=qemu.git;a=commit;h=de594e47659029316bbf9391efb79da0a1a08e08

https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html

https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html

https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01518.html

https://security-tracker.debian.org/tracker/CVE-2019-12068

https://usn.ubuntu.com/4191-1/

https://usn.ubuntu.com/4191-2/

https://www.debian.org/security/2020/dsa-4665

Details

Source: MITRE

Published: 2019-09-24

Updated: 2020-07-26

Type: CWE-835

Risk Information

CVSS v2

Base Score: 2.1

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 3.9

Severity: LOW

CVSS v3

Base Score: 3.8

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L

Impact Score: 1.4

Exploitability Score: 2

Severity: LOW

Tenable Plugins


ID | Name | Product | Family | Severity
150615 | SUSE SLES11 Security Update : kvm (SUSE-SU-2020:14396-1) | Nessus | SuSE Local Security Checks | medium
150593 | SUSE SLES11 Security Update : xen (SUSE-SU-2019:14199-1) | Nessus | SuSE Local Security Checks | high
138911 | Debian DLA-2288-1 : qemu security update | Nessus | Debian Local Security Checks | medium
138009 | EulerOS Virtualization 3.0.6.0 : qemu-kvm (EulerOS-SA-2020-1790) | Nessus | Huawei Local Security Checks | critical
137586 | SUSE SLES12 Security Update : qemu (SUSE-SU-2020:1538-1) | Nessus | SuSE Local Security Checks | medium
137581 | SUSE SLES12 Security Update : qemu (SUSE-SU-2020:1526-1) | Nessus | SuSE Local Security Checks | medium
137577 | SUSE SLES12 Security Update : qemu (SUSE-SU-2020:1514-1) | Nessus | SuSE Local Security Checks | medium
136276 | EulerOS Virtualization for ARM 64 3.0.2.0 : qemu-kvm (EulerOS-SA-2020-1573) | Nessus | Huawei Local Security Checks | critical
136069 | Debian DSA-4665-1 : qemu - security update | Nessus | Debian Local Security Checks | medium
133763 | SUSE SLES12 Security Update : xen (SUSE-SU-2020:0388-1) | Nessus | SuSE Local Security Checks | critical
131064 | openSUSE Security Update : qemu (openSUSE-2019-2510) | Nessus | SuSE Local Security Checks | high
131059 | openSUSE Security Update : qemu (openSUSE-2019-2505) | Nessus | SuSE Local Security Checks | medium
131017 | Ubuntu 16.04 LTS / 18.04 LTS / 19.04 / 19.10 : QEMU vulnerabilities (USN-4191-1) | Nessus | Ubuntu Local Security Checks | high
130954 | SUSE SLED12 / SLES12 Security Update : qemu (SUSE-SU-2019:2956-1) | Nessus | SuSE Local Security Checks | medium
130953 | SUSE SLED15 / SLES15 Security Update : qemu (SUSE-SU-2019:2955-1) | Nessus | SuSE Local Security Checks | high
130952 | SUSE SLED15 / SLES15 Security Update : qemu (SUSE-SU-2019:2954-1) | Nessus | SuSE Local Security Checks | medium
130343 | SUSE SLES12 Security Update : xen (SUSE-SU-2019:2783-1) | Nessus | SuSE Local Security Checks | high
130253 | SUSE SLES12 Security Update : xen (SUSE-SU-2019:2769-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) | Nessus | SuSE Local Security Checks | high
130197 | SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2019:2753-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) | Nessus | SuSE Local Security Checks | high
129105 | Debian DLA-1927-1 : qemu security update | Nessus | Debian Local Security Checks | high