Ubuntu.comUB:CVE-2019-12068CVE-2019-12068
3.8 Low
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:N/A:P
0.0005 Low
EPSS
Percentile
15.8%
In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8,
1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12
(fixed), when executing script in lsi_execute_script(), the LSI scsi
adapter emulator advances ‘s->dsp’ index to read next opcode. This can lead
to an infinite loop if the next opcode is empty. Move the existing loop
exit after 10k iterations so that it covers no-op opcodes as well.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 18.04 | noarch | qemu | < 1:2.11+dfsg-1ubuntu7.20 | UNKNOWN |
| ubuntu | 19.04 | noarch | qemu | < 1:3.1+dfsg-2ubuntu3.6 | UNKNOWN |
| ubuntu | 19.10 | noarch | qemu | < 1:4.0+dfsg-0ubuntu9.1 | UNKNOWN |
| ubuntu | 20.04 | noarch | qemu | < 1:4.2-1ubuntu1 | UNKNOWN |
| ubuntu | 20.10 | noarch | qemu | < 1:4.2-1ubuntu1 | UNKNOWN |
| ubuntu | 21.04 | noarch | qemu | < 1:4.2-1ubuntu1 | UNKNOWN |
| ubuntu | 14.04 | noarch | qemu | < 2.0.0+dfsg-2ubuntu1.47) Available with Ubuntu Pro or Ubuntu Pro (Infra-only | UNKNOWN |
| ubuntu | 16.04 | noarch | qemu | < 1:2.5+dfsg-5ubuntu10.42 | UNKNOWN |
References
launchpad.net/bugs/cve/CVE-2019-12068
lists.gnu.org/archive/html/qemu-devel/2019-08/msg01518.html
nvd.nist.gov/vuln/detail/CVE-2019-12068
security-tracker.debian.org/tracker/CVE-2019-12068
ubuntu.com/security/notices/USN-4191-1
ubuntu.com/security/notices/USN-4191-2
www.cve.org/CVERecord?id=CVE-2019-12068
Related
3.8 Low
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:N/A:P
0.0005 Low
EPSS
Percentile
15.8%