1145642 – (CVE-2019-12067) VUL-1: CVE-2019-12067: kvm,qemu: ide: ahci: add check to avoid null dereference

Bug 1145642 (CVE-2019-12067) - VUL-1: CVE-2019-12067: kvm,qemu: ide: ahci: add check to avoid null dereference

Summary: VUL-1: CVE-2019-12067: kvm,qemu: ide: ahci: add check to avoid null dereference

Status:	RESOLVED FIXED

Alias:	CVE-2019-12067

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P4 - Low Severity: Minor
Target Milestone:	---
Assignee:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/239444/
Whiteboard:	CVSSv3:SUSE:CVE-2019-12067:3.3:(AV:L/...
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2019-08-14 14:21 UTC by Marcus Meissner
Modified:	2024-05-06 12:50 UTC (History)
CC List:	5 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Marcus Meissner 2019-08-14 14:21:50 UTC

CVE-2019-12067

https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01358.html

From: Prasad J Pandit <address@hidden>

AHCI emulator while committing DMA buffer in ahci_commit_buf()
may do a NULL dereference if the command header 'ad->cur_cmd'
is null. Add check to avoid it.

Comment 1 Alexandros Toptsoglou 2019-08-23 13:47:23 UTC

It seems that the issue introduced in version 2.2. Based on this tracked as affected SLE-12-SP1,SP2,SP3,SP4 and SLE15-GA,SP1 

No kvm ships a vulnerable qemu version

Comment 2 Bruce Rogers 2019-11-04 21:55:44 UTC

Upstream didn't agree with this change, as it seems that if there actually is an issue here, it needs to be fixes elsewhere. So for now, I won't apply this patch.

Comment 3 Claudio Fontana 2021-01-18 17:00:57 UTC

should this be closed? do we have an alternative approach working for upstream that we included?

Comment 4 Gianluca Gabrielli 2021-04-02 11:59:16 UTC

Hi Bruce, is there any update about this fix?

Comment 5 Bruce Rogers 2021-04-02 17:52:40 UTC

I don't see any follow up on this issue anywhere. It was pointed out that the fix associated with this CVE would indeed be different than the one proposed, and I see no evidence in the code that such a fix was ever applied to the upstream codebase.

We should close this as not an issue. Returning back to the security team.

Comment 6 Thomas Leroy 2024-05-06 12:50:06 UTC

All done, closing.