Lucene search
Redhat.comRH:CVE-2019-15034HistoryApr 04, 2020 - 5:35 a.m.
CVE-2019-15034
2020-04-0405:35:41
redhat.com
access.redhat.com
12
EPSS
0
Percentile
5.1%
A buffer overflow flaw was found in the way the Bochs display driver of QEMU handled the PCIe extended configuration space when the device is connected to a PCIe bus. Accessing the PCIe extended config space could overflow the conventional PCI config space buffer due to limited memory allocation. As the PCIe config space is guest writeable, this flaw allows a local attacker to gain access and potentially execute arbitrary code on the host with the privileges of the QEMU process.
Mitigation
Use -device bochs-display as conventional PCI device only.
Related
debiancve
debiancve
CVE-2019-15034
2020-03-10 18:15:11
cvelist
cvelist
CVE-2019-15034
2020-03-10 17:19:02
osv
osv
CVE-2019-15034
2020-03-10 18:15:11
qemu - security update
2020-04-27 00:00:00
ubuntucve
ubuntucve
CVE-2019-15034
2020-03-10 00:00:00
prion
prion
Buffer overflow
2020-03-10 18:15:00
nvd
nvd
CVE-2019-15034
2020-03-10 18:15:11
cve
cve
CVE-2019-15034
2020-03-10 18:15:11
debian
debian
[SECURITY] [DSA 4665-1] qemu security update
2020-04-27 17:55:43
nessus
nessus
Debian DSA-4665-1 : qemu - security update
2020-04-29 00:00:00
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : QEMU vulnerabilities (USN-4372-1)
2020-05-22 00:00:00
SUSE SLED15 / SLES15 Security Update : qemu (SUSE-SU-2020:0844-1)
2020-04-02 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-4665-1)
2020-04-29 00:00:00
Ubuntu: Security Advisory (USN-4372-1)
2020-05-22 00:00:00
SUSE: Security Advisory (SUSE-SU-2020:0844-1)
2021-06-09 00:00:00
ubuntu
ubuntu
QEMU vulnerabilities
2020-05-21 00:00:00
suse
suse
Security update for qemu (important)
2020-04-07 00:00:00
oraclelinux
oraclelinux
qemu security update
2021-02-08 00:00:00