CVE-2019-12068 in Ubuntu

CVE-2019-12068

Priority

Description

In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8,
1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12
(fixed), when executing script in lsi_execute_script(), the LSI scsi
adapter emulator advances 's->dsp' index to read next opcode. This can lead
to an infinite loop if the next opcode is empty. Move the existing loop
exit after 10k iterations so that it covers no-op opcodes as well.

Ubuntu-Description

It was discovered that the LSI SCSI adapter emulator implementation in
QEMU did not properly validate executed scripts. A local attacker could
use this to cause a denial of service.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12068
https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01518.html
https://usn.ubuntu.com/usn/usn-4191-1
https://usn.ubuntu.com/usn/usn-4191-2

Assigned-to

sbeattie

Notes

Package

Source: qemu (LP Ubuntu Debian)

Upstream:	released (1:4.1-2)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	released (2.0.0+dfsg-2ubuntu1.47)
Ubuntu 16.04 LTS (Xenial Xerus):	released (1:2.5+dfsg-5ubuntu10.42)
Ubuntu 18.04 LTS (Bionic Beaver):	released (1:2.11+dfsg-1ubuntu7.20)
Ubuntu 20.04 LTS (Focal Fossa):	released (1:4.2-1ubuntu1)
Ubuntu 20.10 (Groovy Gorilla):	released (1:4.2-1ubuntu1)

Patches:

Upstream:

https://git.qemu.org/?p=qemu.git;a=commit;h=de594e47659029316bbf9391efb79da0a1a08e08

Package

Source: qemu-kvm (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):	needed
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 20.04 LTS (Focal Fossa):	DNE
Ubuntu 20.10 (Groovy Gorilla):	DNE

More Information

Updated: 2020-08-03 05:14:33 UTC (commit ca793e36110c7dda8fe91d7b6bffa61af3a69619)