In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances 's->dsp' index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well.
References
Link | Resource |
---|---|
https://security-tracker.debian.org/tracker/CVE-2019-12068 | Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html | Mailing List Third Party Advisory |
https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01518.html | Mailing List Patch Third Party Advisory |
https://git.qemu.org/?p=qemu.git;a=commit;h=de594e47659029316bbf9391efb79da0a1a08e08 | Mailing List Vendor Advisory |
https://usn.ubuntu.com/4191-2/ | Third Party Advisory |
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00034.html | Third Party Advisory |
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00038.html | Third Party Advisory |
https://usn.ubuntu.com/4191-1/ | Third Party Advisory |
https://www.debian.org/security/2020/dsa-4665 | |
https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
|
Information
Published : 2019-09-24 13:15
Updated : 2020-07-26 07:15
NVD link : CVE-2019-12068
Mitre link : CVE-2019-12068
JSON object : View
CWE
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
Products Affected
debian
- debian_linux
canonical
- ubuntu_linux
opensuse
- leap
qemu
- qemu