Description
In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8,
1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12
(fixed), when executing a script in lsi_execute_script(), the LSI SCSI
adapter emulator advances the 's->dsp' index to read the next opcode. This
can lead to an infinite loop if the next opcode is empty. The fix moves the
existing loop exit after 10k iterations so that it covers no-op opcodes as well.
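
A simplified model of the loop-budget placement described above, added here as an illustration; it is not QEMU's lsi_execute_script() code. The opcode encoding, `run_script`, `check_covers_noop`, the sample scripts and the `DEMO_STOP` watchdog are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>

#define SCRIPT_WORDS 8        /* constructed toy script memory; dsp wraps around it */
#define MAX_INSNS    10000    /* the 10k iteration budget from the description */
#define DEMO_STOP    1000000  /* demo-only watchdog so the flawed variant returns */

enum result { R_HALTED, R_BUDGET_EXCEEDED, R_RUNAWAY };

/* Constructed sample scripts. Toy encoding: 0 = empty opcode, 1 = halt, 2 = work. */
static const uint32_t ALL_EMPTY[SCRIPT_WORDS] = {0};
static const uint32_t WORK_LOOP[SCRIPT_WORDS] = {2, 0, 2, 0, 2, 0, 2, 0};

/* check_covers_noop = 0: budget checked only after a real instruction (flawed).
 * check_covers_noop = 1: budget checked at every fetch, empty opcodes included. */
static enum result run_script(const uint32_t *mem, int check_covers_noop,
                              unsigned long *fetches)
{
    uint32_t dsp = 0;
    unsigned long processed = 0;

    *fetches = 0;
    while (*fetches < DEMO_STOP) {
        uint32_t insn = mem[dsp % SCRIPT_WORDS];
        (*fetches)++;
        if (check_covers_noop && ++processed > MAX_INSNS)
            return R_BUDGET_EXCEEDED;  /* counted before the empty-opcode path */
        if (insn == 0) {
            dsp += 1;                  /* empty opcode: advance and fetch again */
            continue;                  /* flawed placement is never reached here */
        }
        if (insn == 1)
            return R_HALTED;
        dsp += 2;                      /* a real instruction occupies two words */
        if (!check_covers_noop && ++processed > MAX_INSNS)
            return R_BUDGET_EXCEEDED;  /* only reached after real instructions */
    }
    return R_RUNAWAY;                  /* would spin forever without DEMO_STOP */
}

int main(void)
{
    unsigned long n;
    enum result r = run_script(ALL_EMPTY, 0, &n);
    printf("empty, check after dispatch: result=%d fetches=%lu\n", r, n);
    r = run_script(ALL_EMPTY, 1, &n);
    printf("empty, check at fetch:       result=%d fetches=%lu\n", r, n);
    r = run_script(WORK_LOOP, 0, &n);
    printf("work,  check after dispatch: result=%d fetches=%lu\n", r, n);
    return 0;
}
```

With the check placed after dispatch, a script of real instructions is still stopped at the budget, but a run of empty opcodes only ends when the demo watchdog fires.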
Ubuntu-Description
It was discovered that the LSI SCSI adapter emulator implementation in
QEMU did not properly validate executed scripts. A local attacker could
use this to cause a denial of service.
Package
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): needed
Ubuntu 14.04 ESM (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): DNE
Ubuntu 18.04 LTS (Bionic Beaver): DNE
Ubuntu 19.04 (Disco Dingo): DNE
Ubuntu 19.10 (Eoan Ermine): DNE
Ubuntu 20.04 (Focal Fossa): DNE
Updated: 2019-12-05 19:59:12 UTC (commit 0aa5e7c87c8b55d2ec5c7f4ca1179cf75de91961)