CVE-2019-12155

interface_release_resource in hw/display/qxl.c in QEMU 3.1.x through 4.0.0 has a NULL pointer dereference.

The product dereferences a pointer that it expects to be valid but is NULL.

Name	Vendor	Start Version	End Version
Qemu	Qemu	4.0.0 (including)	4.0.0 (including)
Advanced Virtualization for RHEL 8.1.0	RedHat	virt:8.1-8010020190927171011.cdc1202b	*
Advanced Virtualization for RHEL 8.1.0	RedHat	virt-devel:8.1-8010020190927171011.cdc1202b	*
Red Hat Enterprise Linux 6	RedHat	qemu-kvm-2:0.12.1.2-2.506.el6_10.5	*
Red Hat Enterprise Linux 7	RedHat	qemu-kvm-10:1.5.3-167.el7_7.1	*
Red Hat Enterprise Linux 8	RedHat	virt-devel:rhel-8010020190916153839.cdc1202b	*
Red Hat Enterprise Linux 8	RedHat	virt:rhel-8010020190916153839.cdc1202b	*
Red Hat OpenStack Platform 10.0 (Newton)	RedHat	qemu-kvm-rhev-10:2.12.0-33.el7_7.4	*
Red Hat OpenStack Platform 13.0 (Queens)	RedHat	qemu-kvm-rhev-10:2.12.0-33.el7_7.4	*
Red Hat OpenStack Platform 14.0 (Rocky)	RedHat	qemu-kvm-rhev-10:2.12.0-33.el7_7.4	*
Red Hat Virtualization 4 for Red Hat Enterprise Linux 7	RedHat	qemu-kvm-rhev-10:2.12.0-33.el7_7.4	*
Red Hat Virtualization 4 for Red Hat Enterprise Linux 7	RedHat	qemu-kvm-rhev-10:2.12.0-44.el7	*
Red Hat Virtualization Engine 4.3	RedHat	qemu-kvm-rhev-10:2.12.0-33.el7_7.4	*
Red Hat Virtualization Engine 4.3	RedHat	qemu-kvm-rhev-10:2.12.0-44.el7	*
Qemu	Ubuntu	bionic	*
Qemu	Ubuntu	cosmic	*
Qemu	Ubuntu	devel	*
Qemu	Ubuntu	disco	*
Qemu	Ubuntu	eoan	*
Qemu	Ubuntu	esm-infra-legacy/trusty	*
Qemu	Ubuntu	esm-infra/bionic	*
Qemu	Ubuntu	esm-infra/focal	*
Qemu	Ubuntu	esm-infra/xenial	*
Qemu	Ubuntu	focal	*
Qemu	Ubuntu	groovy	*
Qemu	Ubuntu	hirsute	*
Qemu	Ubuntu	trusty/esm	*
Qemu	Ubuntu	upstream	*
Qemu	Ubuntu	xenial	*
Qemu-kvm	Ubuntu	precise/esm	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-12155
CWE	https://cwe.mitre.org/data/definitions/476.html

NULL Pointer Dereference