CVE-2019-20175
Summary
| CVE | CVE-2019-20175 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-12-31 04:15:00 UTC |
| Updated | 2023-11-07 03:08:00 UTC |
| Description | ** DISPUTED ** An issue was discovered in ide_dma_cb() in hw/ide/core.c in QEMU 2.4.0 through 4.2.0. The guest system can crash the QEMU process in the host system via a special SCSI_IOCTL_SEND_COMMAND. It hits an assertion that implies that the size of successful DMA transfers there must be a multiple of 512 (the size of a sector). NOTE: a member of the QEMU security team disputes the significance of this issue because a "privileged guest user has many ways to cause similar DoS effect, without triggering this assert." |
Risk And Classification
Problem Types: CWE-754
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| [Qemu-devel] [QEMU-SECURITY] ide: fix assertion in ide_dma_cb() to preve | MISC | lists.nongnu.org | Exploit, Mailing List, Third Party Advisory |
| [PATCH v3 0/2] ide: Fix incorrect handling of some PRDTs and add the corresponding unit-test | www.mail-archive.com | ||
| [PATCH v2 1/1] ide: check DMA transfer size in ide_dma_cb() to prevent q | MISC | lists.nongnu.org | Mailing List, Patch, Third Party Advisory |
| Re: [Qemu-devel] [Qemu-block] [QEMU-SECURITY] ide: fix assertion in ide_ | MISC | lists.nongnu.org | Mailing List, Third Party Advisory |
| Re: [QEMU-SECURITY] ide: fix assertion in ide_dma_cb() to prevent qemu D | MISC | lists.nongnu.org | Third Party Advisory |
| [PATCH v3 0/2] ide: Fix incorrect handling of some PRDTs and add the corresponding unit-test | MISC | www.mail-archive.com | Patch, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.