Impact: Low Public Date: 2019-06-06 CWE: CWE-78 Bugzilla: 1724809: CVE-2019-12929 qemu: QEMU guest agent guest_exec command execution The QMP guest_exec command in QEMU 4.0.0 and earlier is prone to OS command injection, which allows the attacker to achieve code execution, denial of service, or information disclosure by sending a crafted QMP command to the listening server.
The MITRE CVE dictionary describes this issue as:
Find out more about CVE-2019-12929 from the MITRE CVE dictionary dictionary and NIST NVD.
QEMU Machine Protocol (QMP) is for administrative control of QEMU instances. It must not be exposed to unprivileged users.
NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.
| CVSS3 Base Score | 9.8 |
|---|---|
| CVSS3 Base Metrics | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | None |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity Impact | High |
| Availability Impact | High |
| Platform | Package | State |
|---|---|---|
| Red Hat OpenStack Platform 9.0 | qemu-kvm-rhev | Under investigation |
| Red Hat OpenStack Platform 14.0 (Rocky) | qemu-kvm-rhev | Under investigation |
| Red Hat OpenStack Platform 13.0 (Queens) | qemu-kvm-rhev | Under investigation |
| Red Hat OpenStack Platform 10 | qemu-kvm-rhev | Under investigation |
| Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7 | qemu-kvm-rhev | Under investigation |
| Red Hat Enterprise Linux 8 | qemu-kvm | Under investigation |
| Red Hat Enterprise Linux 7 | qemu-kvm-rhev | Under investigation |
| Red Hat Enterprise Linux 7 | qemu-kvm | Under investigation |
| Red Hat Enterprise Linux 7 | qemu-kvm-ma | Under investigation |
| Red Hat Enterprise Linux 6 | qemu-kvm | Under investigation |
| Red Hat Enterprise Linux 5 | kvm | Under investigation |
| Red Hat Enterprise Linux 5 | xen | Under investigation |
Vulmon