Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2019-12155

Disclosure Date: May 24, 2019
CVE-2019-12155
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

interface_release_resource in hw/display/qxl.c in QEMU 3.1.x through 4.0.0 has a NULL pointer dereference.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Vector:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • qemu

Products

  • qemu 4.0.0

References

Canonical
CVE-2019-12155 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12155)
Advisory
http://www.openwall.com/lists/oss-security/2019/05/22/1
DSA-4454 (https://www.debian.org/security/2019/dsa-4454)
20190531 [SECURITY] [DSA 4454-1] qemu security update (https://seclists.org/bugtraq/2019/May/76)
FEDORA-2019-52a8f5468e (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RVDHJB2QKXNDU7OFXIHIL5O5VN5QCSZL)
FEDORA-2019-e9de40d53f (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BOE3PVFPMWMXV3DGP2R3XIHAF2ZQU3FS)
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00008.html
https://access.redhat.com/errata/RHSA-2019:2607
[debian-lts-announce] 20190920 [SECURITY] [DLA 1927-1] qemu security update (https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html)
https://access.redhat.com/errata/RHSA-2019:2892
https://access.redhat.com/errata/RHSA-2019:3179
https://access.redhat.com/errata/RHSA-2019:3345
https://access.redhat.com/errata/RHSA-2019:3742
https://access.redhat.com/errata/RHSA-2019:3787
USN-4191-2 (https://usn.ubuntu.com/4191-2)
USN-4191-1 (https://usn.ubuntu.com/4191-1)
https://access.redhat.com/errata/RHBA-2019:3723
https://access.redhat.com/errata/RHSA-2019:4344
FEDORA-2019-52a8f5468e (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RVDHJB2QKXNDU7OFXIHIL5O5VN5QCSZL/)
FEDORA-2019-e9de40d53f (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BOE3PVFPMWMXV3DGP2R3XIHAF2ZQU3FS/)
USN-4191-2 (https://usn.ubuntu.com/4191-2/)
USN-4191-1 (https://usn.ubuntu.com/4191-1/)
Miscellaneous
https://lists.gnu.org/archive/html/qemu-devel/2019-05/msg01321.html
https://git.qemu.org/?p=qemu.git;a=commit;h=3be7eb2f47bf71db5f80fcf8750ea395dd5ffdd2

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis