CVE-2019-12068

EUVD-2019-3721
In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances 's->dsp' index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well.
Infinite Loop
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.8 LOW
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 24%
Affected Products (NVD)
VendorProductVersion
canonicalubuntu_linux
14.04
canonicalubuntu_linux
16.04
canonicalubuntu_linux
18.04
canonicalubuntu_linux
19.04
canonicalubuntu_linux
19.10
opensuseleap
15.0
opensuseleap
15.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
qemu
bookworm
1:7.2+dfsg-7+deb12u7
fixed
bullseye
1:5.2+dfsg-11+deb11u3
fixed
bullseye (security)
1:5.2+dfsg-11+deb11u2
fixed
sid
1:9.1.1+ds-2
fixed
trixie
1:9.1.1+ds-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
qemu
bionic
Fixed 1:2.11+dfsg-1ubuntu7.20
released
disco
Fixed 1:3.1+dfsg-2ubuntu3.6
released
eoan
Fixed 1:4.0+dfsg-0ubuntu9.1
released
focal
Fixed 1:4.2-1ubuntu1
released
groovy
Fixed 1:4.2-1ubuntu1
released
hirsute
Fixed 1:4.2-1ubuntu1
released
trusty
Fixed 2.0.0+dfsg-2ubuntu1.47
released
xenial
Fixed 1:2.5+dfsg-5ubuntu10.42
released
qemu-kvm
bionic
dne
disco
dne
eoan
dne
focal
dne
groovy
dne
hirsute
dne
trusty
dne
xenial
dne
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00034.html
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00038.html
https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=de594e47659029316bbf9391efb79da0a1a08e08
https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html
https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html
https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01518.html
https://security-tracker.debian.org/tracker/CVE-2019-12068
https://usn.ubuntu.com/4191-1/
https://usn.ubuntu.com/4191-2/
https://www.debian.org/security/2020/dsa-4665
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00034.html
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00038.html
https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=de594e47659029316bbf9391efb79da0a1a08e08
https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html
https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html
https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01518.html
https://security-tracker.debian.org/tracker/CVE-2019-12068
https://usn.ubuntu.com/4191-1/
https://usn.ubuntu.com/4191-2/
https://www.debian.org/security/2020/dsa-4665