QwikSec

Security Database

CVE

CWE

Training

CVE-2019-12068

Published: Sep 24, 2019

Modified: Aug 4, 2024

PUBLISHED

Description

In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances 's->dsp' index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[debian-lts-announce] 20190920 [SECURITY] [DLA 1927-1] qemu security update

mailing-list

x_refsource_MLIST

https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01518.html

x_refsource_MISC

https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=de594e47659029316bbf9391efb79da0a1a08e08

x_refsource_MISC

https://security-tracker.debian.org/tracker/CVE-2019-12068

x_refsource_MISC

vendor-advisory

x_refsource_UBUNTU

openSUSE-SU-2019:2510

vendor-advisory

x_refsource_SUSE

openSUSE-SU-2019:2505

vendor-advisory

x_refsource_SUSE

vendor-advisory

x_refsource_UBUNTU

vendor-advisory

x_refsource_DEBIAN

[debian-lts-announce] 20200726 [SECURITY] [DLA 2288-1] qemu security update

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.