3.8

CVE-2019-12068

In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances 's->dsp' index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well.

Data is provided by the National Vulnerability Database (NVD)
QemuQemu Version1:4.1-1
QemuQemu Version1:2.1+dfsg-12+deb8u6
   DebianDebian Linux Version8.0
QemuQemu Version1:2.8+dfsg-6+deb9u8
   DebianDebian Linux Version9.0
QemuQemu Version1:3.1+dfsg-8+deb10u2
   DebianDebian Linux Version10.0
QemuQemu Version1:3.1+dfsg-8~deb10u1
   DebianDebian Linux Version10.0
CanonicalUbuntu Linux Version14.04 SwEditionesm
CanonicalUbuntu Linux Version16.04 SwEditionlts
CanonicalUbuntu Linux Version18.04 SwEditionlts
CanonicalUbuntu Linux Version19.04
CanonicalUbuntu Linux Version19.10
OpensuseLeap Version15.0
OpensuseLeap Version15.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.1% 0.281
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 3.8 2 1.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
nvd@nist.gov 2.1 3.9 2.9
AV:L/AC:L/Au:N/C:N/I:N/A:P
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

https://usn.ubuntu.com/4191-1/
Third Party Advisory
https://usn.ubuntu.com/4191-2/
Third Party Advisory