Lucene search

PRIOn knowledge basePRION:CVE-2019-3812

HistoryFeb 19, 2019 - 2:29 p.m.

Out-of-bounds

2019-02-1914:29:00

PRIOn knowledge base

www.prio-n.com

5.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

QEMU, through version 2.10 and through version 3.1.0, is vulnerable to an out-of-bounds read of up to 128 bytes in the hw/i2c/i2c-ddc.c:i2c_ddc() function. A local attacker with permission to execute i2c commands could exploit this to read stack memory of the qemu process on the host.

CPENameOperatorVersion
ubuntu_linuxeq18.04
ubuntu_linuxeq18.10
fedoraeq29
fedoraeq30
leapeq42.3
qemuge2.10.0
qemule3.1.0

Name	Operator	Version
ubuntu_linux	eq	18.04
ubuntu_linux	eq	18.10
fedora	eq	29
fedora	eq	30
leap	eq	42.3
qemu	ge	2.10.0
qemu	le	3.1.0

References

lists.opensuse.org/opensuse-security-announce/2019-04/msg00094.html

lists.opensuse.org/opensuse-security-announce/2019-05/msg00040.html

www.securityfocus.com/bid/107059

bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3812

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CGCFIFSIWUREEQQOZDZFBYKWZHXCWBZN/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KJMTVGDLA654HNCDGLCUEIP36SNJEKK7/

seclists.org/bugtraq/2019/May/76

usn.ubuntu.com/3923-1/

www.debian.org/security/2019/dsa-4454