The ahci_commit_buf function in ide/ahci.c in QEMU allows attackers to cause a denial of service (NULL dereference) when the command header ad->cur_cmd is null.
Weakness
The product dereferences a pointer that it expects to be valid but is NULL.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Qemu | Qemu | - (including) | - (including) |
| Qemu | Ubuntu | bionic | * |
| Qemu | Ubuntu | disco | * |
| Qemu | Ubuntu | eoan | * |
| Qemu | Ubuntu | focal | * |
| Qemu | Ubuntu | groovy | * |
| Qemu | Ubuntu | hirsute | * |
| Qemu | Ubuntu | impish | * |
| Qemu | Ubuntu | kinetic | * |
| Qemu | Ubuntu | lunar | * |
| Qemu | Ubuntu | mantic | * |
| Qemu | Ubuntu | oracular | * |
| Qemu | Ubuntu | plucky | * |
| Qemu | Ubuntu | trusty | * |
| Qemu | Ubuntu | trusty/esm | * |
| Qemu | Ubuntu | xenial | * |
| Qemu-kvm | Ubuntu | precise/esm | * |
| Qemu-kvm | Ubuntu | trusty | * |
Potential Mitigations
References
- https://bugzilla.suse.com/show_bug.cgi?id=1145642
- https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01358.html
- https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01487.html
- https://security-tracker.debian.org/tracker/CVE-2019-12067
- https://security.netapp.com/advisory/ntap-20210727-0001/
- https://bugzilla.suse.com/show_bug.cgi?id=1145642
- https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01358.html
- https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01487.html
- https://security-tracker.debian.org/tracker/CVE-2019-12067
- https://security.netapp.com/advisory/ntap-20210727-0001/