Out-of-Bounds Read Vulnerability in QEMU Affects Multiple Versions
CVE-2019-3812

4.4 MEDIUM

Key Information:

CVE Published: 19 February 2019

What is CVE-2019-3812?

QEMU, through version 2.10 and up to version 3.1.0, contains an out-of-bounds read of up to 128 bytes in the i2c_ddc() function located in hw/i2c/i2c-ddc.c. A local attacker who is able to execute i2c commands can use it to read stack memory, potentially exposing sensitive information about the qemu process on the host system. Remediation is highly recommended to mitigate the risks associated with this vulnerability.

Affected Version(s)

qemu through version 2.10 and through to 3.1.0

CVSS V3.1

Score: 4.4
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
