CVE-2019-20175

Name of the Vulnerable Software and Affected Versions QEMU versions 2.4.0 through 4.2.0

Description An issue was discovered in the ide dma cb() function, which can cause the QEMU process in the host system to crash via a special SCSI IOCTL SEND COMMAND. This issue implies that the size of successful DMA transfers must be a multiple of 512, the size of a sector. A member of the QEMU security team disputes the significance of this issue, stating that a privileged guest user has many ways to cause a similar denial-of-service effect without triggering this assertion.

Recommendations For QEMU versions 2.4.0 through 4.2.0, consider disabling the ide dma cb() function as a temporary workaround to minimize the risk of exploitation until a patch is available. Restrict access to the SCSI IOCTL SEND COMMAND to prevent potential crashes of the QEMU process in the host system. At the moment, there is no information about a newer version that contains a fix for this vulnerability.