CVE-2019-12067

CWE-476 — NULL Pointer Dereference9 documents7 sources

Severity

6.5MEDIUM

EPSS

0.2%

top 62.58%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Debian Linux Fedoraproject Fedora Redhat Enterprise Linux +1 more

Timeline

PublishedJun 2

Latest updateMay 24

Description

The ahci_commit_buf function in ide/ahci.c in QEMU allows attackers to cause a denial of service (NULL dereference) when the command header 'ad->cur_cmd' is null.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:HExploitability: 2.0 | Impact: 4.0

Affected Packages1 packages

▶NVDredhat/openstack_platform10.0, 14.0+1

Also affects: Debian Linux 10.0, 11.0, 9.0, Fedora 30, Enterprise Linux 8.0

Patches

Patch: lists.gnu.org ↗Patch: lists.gnu.org ↗Patch: lists.gnu.org ↗

🔴Vulnerability Details

GHSA

GHSA-2m2h-fmqp-ffwh: The ahci_commit_buf function in ide/ahci↗2022-05-24

▶

OSV

CVE-2019-12067: The ahci_commit_buf function in ide/ahci↗2021-06-02

▶

CVEList

CVE-2019-12067: The ahci_commit_buf function in ide/ahci↗2021-06-02

▶

📋Vendor Advisories

Red Hat

QEMU: NULL dereference in ahci_commit_buf() leading to DoS↗2019-10-09

▶

Debian

CVE-2019-12067: qemu - The ahci_commit_buf function in ide/ahci.c in QEMU allows attackers to cause a d...↗2019

▶

💬Community

Bugzilla

CVE-2019-12067 xen: QEMU: NULL dereference in ahci_commit_buf() leading to DoS [fedora-all]↗2019-10-09

▶

Bugzilla

CVE-2019-12067 qemu: NULL dereference in ahci_commit_buf() leading to DoS [fedora-all]↗2019-10-09

▶

Bugzilla

CVE-2019-12067 QEMU: NULL dereference in ahci_commit_buf() leading to DoS↗2019-10-09

▶