Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2019-20175

Опубликовано: 31 дек. 2019
Источник: debian
EPSS Низкий

Описание

An issue was discovered in ide_dma_cb() in hw/ide/core.c in QEMU 2.4.0 through 4.2.0. The guest system can crash the QEMU process in the host system via a special SCSI_IOCTL_SEND_COMMAND. It hits an assertion that implies that the size of successful DMA transfers there must be a multiple of 512 (the size of a sector). NOTE: a member of the QEMU security team disputes the significance of this issue because a "privileged guest user has many ways to cause similar DoS effect, without triggering this assert.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
qemufixed1:5.0-1package

Примечания

  • https://lists.nongnu.org/archive/html/qemu-devel/2019-07/msg01651.html

  • https://lists.nongnu.org/archive/html/qemu-devel/2019-07/msg03869.html

  • https://lists.nongnu.org/archive/html/qemu-devel/2019-11/msg00597.html

  • https://lists.nongnu.org/archive/html/qemu-devel/2019-11/msg02165.html

  • Marked unimportant, as negligible security impact (a privileged guest

  • can trigger similar issues without triggering the specific assert) and

  • is disputed by QEMU security team.

  • Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/ed78352a59ea7acf7520d4d47a96b9911bae7fc3 (v5.0.0-rc0)

EPSS

Процентиль: 67%
0.00537
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2019-20175

CVSS3: 7.5
ubuntu
около 6 лет назад

An issue was discovered in ide_dma_cb() in hw/ide/core.c in QEMU 2.4.0 through 4.2.0. The guest system can crash the QEMU process in the host system via a special SCSI_IOCTL_SEND_COMMAND. It hits an assertion that implies that the size of successful DMA transfers there must be a multiple of 512 (the size of a sector). NOTE: a member of the QEMU security team disputes the significance of this issue because a "privileged guest user has many ways to cause similar DoS effect, without triggering this assert.

nvd логотип

CVE-2019-20175

CVSS3: 7.5
nvd
около 6 лет назад

An issue was discovered in ide_dma_cb() in hw/ide/core.c in QEMU 2.4.0 through 4.2.0. The guest system can crash the QEMU process in the host system via a special SCSI_IOCTL_SEND_COMMAND. It hits an assertion that implies that the size of successful DMA transfers there must be a multiple of 512 (the size of a sector). NOTE: a member of the QEMU security team disputes the significance of this issue because a "privileged guest user has many ways to cause similar DoS effect, without triggering this assert.

msrc логотип

CVE-2019-20175

CVSS3: 7.5
msrc
больше 5 лет назад

Описание отсутствует

github логотип

GHSA-4r96-hw22-hhc7

CVSS3: 7.5
github
больше 3 лет назад

** DISPUTED ** An issue was discovered in ide_dma_cb() in hw/ide/core.c in QEMU 2.4.0 through 4.2.0. The guest system can crash the QEMU process in the host system via a special SCSI_IOCTL_SEND_COMMAND. It hits an assertion that implies that the size of successful DMA transfers there must be a multiple of 512 (the size of a sector). NOTE: a member of the QEMU security team disputes the significance of this issue because a "privileged guest user has many ways to cause similar DoS effect, without triggering this assert."

fstec логотип

BDU:2020-01462

CVSS3: 7.3
fstec
около 6 лет назад

Уязвимость функции ide_dma_cb() эмуляции аппаратного обеспечения различных платформ QEMU, связанная с недостаточной проверкой необычных или исключительных состояний, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 67%
0.00537
Низкий