CVE-2019-12067: Null Pointer Dereference
First published: Wed Jun 02 2021(Updated: )
The ahci_commit_buf function in ide/ahci.c in QEMU allows attackers to cause a denial of service (NULL dereference) when the command header 'ad->cur_cmd' is null.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| QEMU qemu | ||
| Debian Debian Linux | =9.0 | |
| Debian Debian Linux | =10.0 | |
| Debian Debian Linux | =11.0 | |
| Fedoraproject Fedora | =30 | |
| Redhat Openstack Platform | =10.0 | |
| Redhat Openstack Platform | =14.0 | |
| Redhat Enterprise Linux | =8.0 | |
| Redhat Enterprise Linux | =8.0 | |
| debian/qemu | <=1:5.2+dfsg-11+deb11u3<=1:5.2+dfsg-11+deb11u2<=1:7.2+dfsg-7+deb12u6<=1:8.2.4+ds-1<=1:9.0.2+ds-2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.suse.com/show_bug.cgi?id=1145642
- https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01358.html
- https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01487.html
- https://security-tracker.debian.org/tracker/CVE-2019-12067
- https://security.netapp.com/advisory/ntap-20210727-0001/
- https://patchew.org/QEMU/20190808065636.28787-1-ppandit@redhat.com/
- https://github.com/qemu/qemu/commit/659142ecf71a0da240ab0ff7cf929ee25c32b9bc
Frequently Asked Questions
What is CVE-2019-12067?
CVE-2019-12067 is a vulnerability in QEMU that allows attackers to cause a denial of service by triggering a NULL dereference in the ahci_commit_buf function.
Which software is affected by CVE-2019-12067?
QEMU and various versions of Debian, Fedora, Redhat Openstack Platform, and Redhat Enterprise Linux are affected.
What is the severity of CVE-2019-12067?
CVE-2019-12067 has a severity score of 6.5, which is considered medium.
How can I fix CVE-2019-12067?
Apply the appropriate security patches provided by the affected software vendors.
Where can I find more information about CVE-2019-12067?
You can find more information about CVE-2019-12067 in the provided references.
- collector/nvd-index
- agent/type
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/references
- agent/author
- agent/severity
- agent/weakness
- agent/first-publish-date
- agent/description
- agent/softwarecombine
- agent/event
- agent/tags
- collector/security-tracker-debian
- source/Debian
- agent/software-canonical-lookup
- vendor/qemu
- canonical/qemu qemu
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/9.0
- version/debian debian linux/10.0
- version/debian debian linux/11.0
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/30
- vendor/redhat
- canonical/redhat openstack platform
- version/redhat openstack platform/10.0
- version/redhat openstack platform/14.0
- canonical/redhat enterprise linux
- version/redhat enterprise linux/8.0
- package-manager/debian