Bug 1139714 - (CVE-2019-12928) VUL-0: CVE-2019-12928: kvm,qemu: QEMU machine protocol migrate command execution
Status: RESOLVED INVALID
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium; Severity: Normal
Assigned To: Security Team bot
https://smash.suse.de/issue/235639/
CVSSv3:RedHat:CVE-2019-12928:9.8:(AV:...
Depends on:
Blocks: 1140124
Reported: 2019-06-28 11:04 UTC by Marcus Meissner
Modified: 2020-05-06 14:57 UTC

Found By: Security Response Team
Description Marcus Meissner 2019-06-28 11:04:21 UTC
rh#1724812

The QMP migrate command in QEMU version 4.0.0 and earlier is vulnerable to OS command injection, which allows the remote attacker to achieve code execution, denial of service, or information disclosure by sending a crafted QMP command to the listening server.

https://fakhrizulkifli.github.io/posts/2019/06/05/CVE-2019-12928/

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1724812
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-12928
http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12928.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12928
https://fakhrizulkifli.github.io/posts/2019/06/05/CVE-2019-12928/
Comment 1 Liang Yan 2019-07-22 16:27:27 UTC
This one has been disputed as a non-issue since QEMU's -qmp interface is meant to be used by trusted users. If one is able to access this interface via a tcp socket open to the internet, then it is an insecure configuration issue.
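
A defender-side audit for the misconfiguration Comment 1 describes, added here as an example and not part of the bug report or of QEMU: it scans a QEMU command line (as seen in `ps` output or a unit file) for QMP channels bound to a non-loopback TCP address. The function names and the sample command lines are constructed for illustration.

```python
import ipaddress
import shlex

def _is_loopback(host):
    """True for 'localhost' or a literal loopback address."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:
        return False  # other hostnames: assume reachable from the network

def _tcp_host(spec):
    """Bind host of a legacy 'tcp:host:port,opts' device spec, else None."""
    addr = spec.split(",", 1)[0]
    for prefix in ("tcp:", "telnet:"):
        if addr.startswith(prefix):
            host = addr[len(prefix):].rsplit(":", 1)[0]
            return host or "0.0.0.0"  # QEMU assumes 0.0.0.0 when host is omitted
    return None  # unix:, stdio, etc. are not network sockets

def exposed_qmp(cmdline):
    """Return (option, value, host) for each QMP channel on a non-loopback TCP address."""
    argv = shlex.split(cmdline)
    pairs = list(zip(argv, argv[1:]))
    chardevs, findings = {}, []
    for opt, val in pairs:  # pass 1: collect TCP socket chardevs by id
        if opt == "-chardev" and val.startswith("socket,"):
            kv = dict(f.split("=", 1) for f in val.split(",")[1:] if "=" in f)
            if "port" in kv:  # path= would be a UNIX socket
                chardevs[kv.get("id")] = kv.get("host") or "0.0.0.0"
    for opt, val in pairs:  # pass 2: find QMP monitors and resolve their host
        host = None
        if opt in ("-qmp", "-qmp-pretty"):
            host = _tcp_host(val)
        elif opt == "-mon":
            fields = val.split(",")
            kv = dict(f.split("=", 1) for f in fields if "=" in f)
            if kv.get("mode") == "control":  # control mode is QMP
                host = chardevs.get(kv.get("chardev", fields[0]))
        if host is not None and not _is_loopback(host):
            findings.append((opt, val, host))
    return findings

# Constructed sample command lines, not taken from the bug report.
SAMPLES = ["qemu-system-x86_64 -qmp tcp::4444,server,nowait",
           "qemu-system-x86_64 -qmp unix:/run/qmp.sock,server,nowait"]
if __name__ == "__main__":
    for line in SAMPLES:
        print(exposed_qmp(line) or "no network-exposed QMP", "<-", line)
```

The check does not distinguish listening from connecting sockets, so a QMP chardev that connects out to a non-loopback peer is flagged for review as well.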
Comment 4 Alexandros Toptsoglou 2020-05-06 14:57:41 UTC
Closing