CVE-2019-20175: Improper Check for Unusual or Exceptional Conditions in QEMU

Severity: 7.5 HIGH (NVD)
EPSS: 0.5% (top 32.44%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 31; Latest update May 24

Description

An issue was discovered in ide_dma_cb() in hw/ide/core.c in QEMU 2.4.0 through 4.2.0. The guest system can crash the QEMU process in the host system via a special SCSI_IOCTL_SEND_COMMAND. It hits an assertion that implies that the size of successful DMA transfers there must be a multiple of 512 (the size of a sector). NOTE: a member of the QEMU security team disputes the significance of this issue because a "privileged guest user has many ways to cause similar DoS effect, without triggering this

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (6 packages)

debian: debian/qemu < qemu 1:5.0-1 (bookworm)
Debian: qemu/qemu < 1:5.0-1 +3
NVD: qemu/qemu 2.4.0 to 4.2.0

Patches

🔴 Vulnerability Details (2)

GHSA: GHSA-4r96-hw22-hhc7: ** DISPUTED ** An issue was discovered in ide_dma_cb() in hw/ide/core (2022-05-24)
OSV: CVE-2019-20175: An issue was discovered in ide_dma_cb() in hw/ide/core (2019-12-31)

📋 Vendor Advisories (2)

Microsoft: An issue was discovered in ide_dma_cb() in hw/ide/core.c in QEMU 2.4.0 through 4.2.0. The guest system can crash the QEMU process in the host system via a special SCSI_IOCTL_SEND_COMMAND. It hits an a (2019-12-10)
Debian: CVE-2019-20175: qemu - An issue was discovered in ide_dma_cb() in hw/ide/core.c in QEMU 2.4.0 through 4... (2019)