CVE-2019-15034 — Classic Buffer Overflow in Qemu

CWE-120 — Classic Buffer Overflow8 documents7 sources

Severity

5.8MEDIUMNVD

EPSS

0.2%

top 59.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Qemu Debian Qemu

Timeline

PublishedMar 10

Latest updateMay 24

Description

hw/display/bochs-display.c in QEMU 4.0.0 does not ensure a sufficient PCI config space allocation, leading to a buffer overflow involving the PCIe extended config space.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:HExploitability: 1.0 | Impact: 4.7

Affected Packages4 packages

▶debiandebian/qemu< qemu 1:4.1-1 (bookworm)

▶Debianqemu/qemu< 1:4.1-1+3

▶Ubuntuqemu/qemu< 1:2.5+dfsg-5ubuntu10.44+2

▶NVDqemu/qemu4.0.0

Patches

Patch: lists.gnu.org ↗Patch: lists.gnu.org ↗

🔴Vulnerability Details

GHSA

GHSA-7pcg-64mr-xg9c: hw/display/bochs-display↗2022-05-24

▶

OSV

qemu vulnerabilities↗2020-05-21

▶

OSV

CVE-2019-15034: hw/display/bochs-display↗2020-03-10

▶

📋Vendor Advisories

Ubuntu

QEMU vulnerabilities↗2020-05-21

▶

Red Hat

qemu: hw/display/bochs-display.c does not ensure a sufficient PCI config space allocation leading to a buffer overflow involving the PCIe extended config space↗2019-08-12

▶

Debian

CVE-2019-15034: qemu - hw/display/bochs-display.c in QEMU 4.0.0 does not ensure a sufficient PCI config...↗2019

▶

💬Community

Bugzilla

CVE-2019-15034 qemu: hw/display/bochs-display.c does not ensure a sufficient PCI config space allocation leading to a buffer overflow involving the PCIe extended config space↗2020-03-11

▶