Bug 1135905 - VUL-1: CVE-2019-12155: xen: null pointer dereference while releasing spice resources
VUL-1: CVE-2019-12155: xen: null pointer dereference while releasing spice re...
Status: NEW
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P4 - Low : Minor
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/233401/
CVSSv2:NVD:CVE-2019-12155:5.0:(AV:N/A...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2019-05-22 11:42 UTC by Alexandros Toptsoglou
Modified: 2021-01-22 21:06 UTC (History)
2 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Alexandros Toptsoglou 2019-05-22 11:42:51 UTC
+++ This bug was initially created as a clone of Bug #1135902 +++

CVE-2019-12155

A null pointer dereference issue was found the QXL VGA card emulator
of QEMU. It could occur while releasing resources allocated for a
SPICE server thread in interface_release_resources().

A guest user could use this flaw to crash the QEMU process resulting
in DoS scenario.

Upstream patch:
---------------
  -> https://git.qemu.org/?p=qemu.git;a=commit;h=d52680fc932efb8a2f334cc6993e705ed1e31e99

Reference:
----------
  -> https://www.openwall.com/lists/oss-security/2019/05/22/1

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1712670
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-12155
http://seclists.org/oss-sec/2019/q2/122
https://git.qemu.org/?p=qemu.git;a=commit;h=d52680fc932efb8a2f334cc6993e705ed1e31e99
Comment 1 Alexandros Toptsoglou 2019-05-22 11:44:31 UTC
SLE11-SP3, SLE11-SP3-Teradata, SLE12 are tracked as affected
Comment 3 Swamp Workflow Management 2019-10-24 16:22:49 UTC
SUSE-SU-2019:14199-1: An update that fixes 13 vulnerabilities is now available.

Category: security (important)
Bug References: 1126140,1126141,1126192,1126195,1126196,1126198,1126201,1127400,1135905,1143797,1145652,1146874,1149813
CVE References: CVE-2019-12067,CVE-2019-12068,CVE-2019-12155,CVE-2019-14378,CVE-2019-15890,CVE-2019-17340,CVE-2019-17341,CVE-2019-17342,CVE-2019-17343,CVE-2019-17344,CVE-2019-17346,CVE-2019-17347,CVE-2019-17348
Sources used:
SUSE Linux Enterprise Server 11-SP4-LTSS (src):    xen-4.4.4_40-61.49.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    xen-4.4.4_40-61.49.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 4 Swamp Workflow Management 2019-10-25 16:18:37 UTC
SUSE-SU-2019:14201-1: An update that fixes 12 vulnerabilities is now available.

Category: security (important)
Bug References: 1047675,1126140,1126141,1126192,1126195,1126196,1130680,1135905,1143797,1145652,1146874,1149813
CVE References: CVE-2017-10806,CVE-2018-20815,CVE-2019-12067,CVE-2019-12068,CVE-2019-12155,CVE-2019-14378,CVE-2019-15890,CVE-2019-17340,CVE-2019-17341,CVE-2019-17342,CVE-2019-17343,CVE-2019-17344
Sources used:
SUSE Linux Enterprise Point of Sale 11-SP3 (src):    xen-4.2.5_21-45.33.1
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    xen-4.2.5_21-45.33.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 6 Swamp Workflow Management 2020-02-17 17:12:13 UTC
SUSE-SU-2020:0388-1: An update that fixes 25 vulnerabilities is now available.

Category: security (important)
Bug References: 1115045,1126140,1126141,1126192,1126195,1126196,1126201,1135905,1143797,1145652,1146874,1149813,1152497,1154448,1154456,1154458,1154461,1155945,1157888,1158003,1158004,1158005,1158006,1158007,1161181
CVE References: CVE-2018-12207,CVE-2018-19965,CVE-2019-11135,CVE-2019-12067,CVE-2019-12068,CVE-2019-12155,CVE-2019-14378,CVE-2019-15890,CVE-2019-17340,CVE-2019-17341,CVE-2019-17342,CVE-2019-17343,CVE-2019-17344,CVE-2019-17347,CVE-2019-18420,CVE-2019-18421,CVE-2019-18424,CVE-2019-18425,CVE-2019-19577,CVE-2019-19578,CVE-2019-19579,CVE-2019-19580,CVE-2019-19581,CVE-2019-19583,CVE-2020-7211
Sources used:
SUSE Linux Enterprise Server for SAP 12-SP1 (src):    xen-4.5.5_28-22.64.1
SUSE Linux Enterprise Server 12-SP1-LTSS (src):    xen-4.5.5_28-22.64.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 8 Charles Arnold 2021-01-22 21:06:06 UTC
Backported and released to 11-SP3.