3.8 Low
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:N/A:P
QEMU is vulnerable to denial of service. During execution of scripts in lsi_execute_script()
, the LSI scsi adapter emulator advances s->dsp
index to read next opcode, resulting in an infinite loop if the subsequent opcode is empty.
lists.opensuse.org/opensuse-security-announce/2019-11/msg00034.html
lists.opensuse.org/opensuse-security-announce/2019-11/msg00038.html
git.qemu.org/?p=qemu.git;a=commit;h=de594e47659029316bbf9391efb79da0a1a08e08
lists.debian.org/debian-lts-announce/2019/09/msg00021.html
lists.debian.org/debian-lts-announce/2020/07/msg00020.html
lists.gnu.org/archive/html/qemu-devel/2019-08/msg01518.html
security-tracker.debian.org/tracker/CVE-2019-12068
usn.ubuntu.com/4191-1/
usn.ubuntu.com/4191-2/
www.debian.org/security/2020/dsa-4665
3.8 Low
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:N/A:P