CVE-2019-3812Improper Restriction of Operations within the Bounds of a Memory Buffer in Qemu

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-125Out-of-bounds Read10 documents7 sources
Severity
5.5MEDIUMNVD
OSV7.8
EPSS
0.1%
top 77.86%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
QemuDebian QemuTHE Qemu Project Qemu+3 more
Timeline
PublishedFeb 19
Latest updateMay 14

Description

QEMU, through version 2.10 and through version 3.1.0, is vulnerable to an out-of-bounds read of up to 128 bytes in the hw/i2c/i2c-ddc.c:i2c_ddc() function. A local attacker with permission to execute i2c commands could exploit this to read stack memory of the qemu process on the host.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages6 packages

debiandebian/qemu< qemu 1:3.1+dfsg-5 (bookworm)
Debianqemu/qemu< 1:3.1+dfsg-5+3
Ubuntuqemu/qemu< 2.0.0+dfsg-2ubuntu1.45+2
NVDqemu/qemu2.10.03.1.0
CVEListV5the_qemu_project/qemuthrough version 2.10 and through to 3.1.0

Also affects: Fedora 29, 30, Ubuntu Linux 18.04, 18.10

Patches

Patch: bugzilla.redhat.comPatch: bugzilla.redhat.com

🔴Vulnerability Details

3
GHSA
GHSA-4mh7-g8hh-qp2p: QEMU, through version 22022-05-14
OSV
qemu vulnerabilities2019-03-27
OSV
CVE-2019-3812: QEMU, through version 22019-02-19

📋Vendor Advisories

3
Ubuntu
QEMU vulnerabilities2019-03-27
Red Hat
qemu: Out-of-bounds read in hw/i2c/i2c-ddc.c allows for memory disclosure2019-02-18
Debian
CVE-2019-3812: qemu - QEMU, through version 2.10 and through version 3.1.0, is vulnerable to an out-of...2019

💬Community

3
Bugzilla
CVE-2019-3812 qemu: Out-of-bounds read in hw/i2c/i2c-ddc.c allows for memory disclosure [epel-all]2019-02-18
Bugzilla
CVE-2019-3812 qemu: Out-of-bounds read in hw/i2c/i2c-ddc.c allows for memory disclosure [fedora-all]2019-02-18
Bugzilla
CVE-2019-3812 qemu: Out-of-bounds read in hw/i2c/i2c-ddc.c allows for memory disclosure2019-01-14