A null pointer dereference issue was found in the QXL VGA card emulator of QEMU. It could occur while releasing resources allocated for a SPICE server thread in interface_release_resources(). A guest user could use this flaw to crash the QEMU process, resulting in a DoS scenario.

Upstream patch:
---------------
  -> https://git.qemu.org/?p=qemu.git;a=commit;h=d52680fc932efb8a2f334cc6993e705ed1e31e99

Reference:
----------
  -> https://www.openwall.com/lists/oss-security/2019/05/22/1
Acknowledgments: Name: Sergej Schumilo (Ruhr University Bochum), Cornelius Aschermann (Ruhr University Bochum), Simon Wörner (Ruhr University Bochum)
Created qemu tracking bugs for this issue: Affects: fedora-all [bug 1712727]
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:2607 https://access.redhat.com/errata/RHSA-2019:2607
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-12155
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2019:2892 https://access.redhat.com/errata/RHSA-2019:2892
This issue has been addressed in the following products: Red Hat Virtualization 4 for Red Hat Enterprise Linux 7, Red Hat Virtualization Engine 4.3 Via RHSA-2019:3179 https://access.redhat.com/errata/RHSA-2019:3179
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2019:3345 https://access.redhat.com/errata/RHSA-2019:3345
This issue has been addressed in the following products: Red Hat OpenStack Platform 14.0 (Rocky) Via RHSA-2019:3742 https://access.redhat.com/errata/RHSA-2019:3742
This issue has been addressed in the following products: Red Hat OpenStack Platform 13.0 (Queens) Via RHSA-2019:3787 https://access.redhat.com/errata/RHSA-2019:3787
This issue has been addressed in the following products: Red Hat OpenStack Platform 10.0 (Newton) Via RHSA-2019:4344 https://access.redhat.com/errata/RHSA-2019:4344
This issue has been addressed in the following products: Red Hat Virtualization 4 for Red Hat Enterprise Linux 7, Red Hat Virtualization Engine 4.3 Via RHSA-2020:1216 https://access.redhat.com/errata/RHSA-2020:1216