CVE Vulnerabilities

CVE-2019-12155

NULL Pointer Dereference

Published: May 24, 2019 | Modified: Nov 07, 2023
CVSS 3.x
7.5
HIGH
Source:
NVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
3.8 LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
Ubuntu
LOW

interface_release_resource in hw/display/qxl.c in QEMU 3.1.x through 4.0.0 has a NULL pointer dereference.

Weakness

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

Affected Software

Name Vendor Start Version End Version
Qemu Qemu 4.0.0 (including) 4.0.0 (including)
Advanced Virtualization for RHEL 8.1.0 RedHat virt:8.1-8010020190927171011.cdc1202b *
Advanced Virtualization for RHEL 8.1.0 RedHat virt-devel:8.1-8010020190927171011.cdc1202b *
Red Hat Enterprise Linux 6 RedHat qemu-kvm-2:0.12.1.2-2.506.el6_10.5 *
Red Hat Enterprise Linux 7 RedHat qemu-kvm-10:1.5.3-167.el7_7.1 *
Red Hat Enterprise Linux 8 RedHat virt-devel:rhel-8010020190916153839.cdc1202b *
Red Hat Enterprise Linux 8 RedHat virt:rhel-8010020190916153839.cdc1202b *
Red Hat OpenStack Platform 10.0 (Newton) RedHat qemu-kvm-rhev-10:2.12.0-33.el7_7.4 *
Red Hat OpenStack Platform 13.0 (Queens) RedHat qemu-kvm-rhev-10:2.12.0-33.el7_7.4 *
Red Hat OpenStack Platform 14.0 (Rocky) RedHat qemu-kvm-rhev-10:2.12.0-33.el7_7.4 *
Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 RedHat qemu-kvm-rhev-10:2.12.0-33.el7_7.4 *
Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 RedHat qemu-kvm-rhev-10:2.12.0-44.el7 *
Red Hat Virtualization Engine 4.3 RedHat qemu-kvm-rhev-10:2.12.0-33.el7_7.4 *
Red Hat Virtualization Engine 4.3 RedHat qemu-kvm-rhev-10:2.12.0-44.el7 *
Qemu Ubuntu bionic *
Qemu Ubuntu cosmic *
Qemu Ubuntu devel *
Qemu Ubuntu disco *
Qemu Ubuntu eoan *
Qemu Ubuntu esm-infra/bionic *
Qemu Ubuntu esm-infra/xenial *
Qemu Ubuntu focal *
Qemu Ubuntu groovy *
Qemu Ubuntu hirsute *
Qemu Ubuntu trusty/esm *
Qemu Ubuntu upstream *
Qemu Ubuntu xenial *
Qemu-kvm Ubuntu precise/esm *

Potential Mitigations

References