PT-2019-4600 · Qemu+7 · Qemu+7

Cornelius Aschermann

+2

·

Published

2019-05-07

·

Updated

2024-06-15

·

CVE-2019-12155

CVSS v2.0

7.8

High

VectorAV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions QEMU versions 3.1.x through 4.0.0
Description The issue is related to a NULL pointer dereference in the interface release resource function in hw/display/qxl.c. This could potentially allow a remote attacker to cause a denial of service. The estimated number of potentially affected devices worldwide is not specified.
Recommendations For QEMU versions 3.1.x through 4.0.0, consider disabling the interface release resource function as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

ALSA-2019:3345
ALT-PU-2019-2496
ALT-PU-2019-2534
BDU:2020-00700
CESA-2019_2607
CESA-2019_2892
CESA-2019_3345
CVE-2019-12155
DLA-1927-1
DSA-4454-1
DSA-4454-2
OPENSUSE-SU-2019:2041-1
OPENSUSE-SU-2019:2059-1
OPENSUSE-SU-2019_2041-1
OPENSUSE-SU-2019_2059-1
OPENSUSE-SU-2024:11287-1
RHSA-2019:2607
RHSA-2019:2892
RHSA-2019:3179
RHSA-2019:3345
RHSA-2019:3742
RHSA-2019:3787
RHSA-2019:4344
RHSA-2019_2607
RHSA-2019_2892
RHSA-2019_3345
RHSA-2020:1216
RLSA-2019:3345
SUSE-SU-2019:14151-1
SUSE-SU-2019:14199-1
SUSE-SU-2019:14201-1
SUSE-SU-2019:2157-1
SUSE-SU-2019:2192-1
SUSE-SU-2019:2221-1
SUSE-SU-2019:2246-1
SUSE-SU-2019:2353-1
SUSE-SU-2019_14151-1
SUSE-SU-2019_14199-1
SUSE-SU-2019_2157-1
SUSE-SU-2019_2192-1
SUSE-SU-2019_2221-1
SUSE-SU-2019_2246-1
SUSE-SU-2019_2353-1
SUSE-SU-2020:0388-1
USN-4191-1
USN-4191-2

Affected Products

Alt Linux
Almalinux
Centos
Qemu
Red Hat
Rocky Linux
Suse
Ubuntu