QwikSec

Security Database

CVE

CWE

Training

CVE-2019-3812

Published: Feb 19, 2019

Modified: Aug 4, 2024

PUBLISHED

CVSS v3.0

4.4

MEDIUM

Description

QEMU, through version 2.10 and through version 3.1.0, is vulnerable to an out-of-bounds read of up to 128 bytes in the hw/i2c/i2c-ddc.c:i2c_ddc() function. A local attacker with permission to execute i2c commands could exploit this to read stack memory of the qemu process on the host.

Vendor	Product	Versions
The QEMU Project	qemu	affected `through version 2.10 and through to 3.1.0`

Weaknesses (CWE)

CVSS v3.0 Details

CVSS v3.0 Vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Local

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3812

x_refsource_CONFIRM

vdb-entry

x_refsource_BID

FEDORA-2019-88a98ce795

vendor-advisory

x_refsource_FEDORA

vendor-advisory

x_refsource_UBUNTU

FEDORA-2019-0664c7724d

vendor-advisory

x_refsource_FEDORA

openSUSE-SU-2019:1274

vendor-advisory

x_refsource_SUSE

openSUSE-SU-2019:1405

vendor-advisory

x_refsource_SUSE

vendor-advisory

x_refsource_DEBIAN

20190531 [SECURITY] [DSA 4454-1] qemu security update

mailing-list

x_refsource_BUGTRAQ

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.