Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2019-15034

Опубликовано: 12 авг. 2019
Источник: redhat
CVSS3: 5.8
EPSS Низкий

Описание

hw/display/bochs-display.c in QEMU 4.0.0 does not ensure a sufficient PCI config space allocation, leading to a buffer overflow involving the PCIe extended config space.

A buffer overflow flaw was found in the way the Bochs display driver of QEMU handled the PCIe extended configuration space when the device is connected to a PCIe bus. Accessing the PCIe extended config space could overflow the conventional PCI config space buffer due to limited memory allocation. As the PCIe config space is guest writeable, this flaw allows a local attacker to gain access and potentially execute arbitrary code on the host with the privileges of the QEMU process.

Отчет

This flaw does not affect the module streamvirt:8.1/qemu-kvm as shipped with RHEL Advanced Virtualization, as it already includes the patch. Several other packages are unaffected because they do not include PCIe support:

  • kvm and xen as shipped with Red Hat Enterprise Linux 5
  • qemu-kvm as shipped with Red Hat Enterprise Linux 6 and 7
  • qemu-kvm-rhev as shipped with Red Hat Enterprise Linux 7
  • virt:rhel/qemu-kvm as shipped with Red Hat Enterprise Linux 8
  • qemu-kvm-rhev as shipped with Red Hat OpenStack Platform 10 and 13

Меры по смягчению последствий

Use -device bochs-display as conventional PCI device only.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kvmNot affected
Red Hat Enterprise Linux 5xenNot affected
Red Hat Enterprise Linux 6qemu-kvmNot affected
Red Hat Enterprise Linux 7qemu-kvmNot affected
Red Hat Enterprise Linux 7qemu-kvm-maNot affected
Red Hat Enterprise Linux 7qemu-kvm-rhevNot affected
Red Hat Enterprise Linux 8virt:rhel/qemu-kvmNot affected
Red Hat Enterprise Linux 8 Advanced Virtualizationvirt:8.1/qemu-kvmNot affected
Red Hat OpenStack Platform 10 (Newton)qemu-kvm-rhevNot affected
Red Hat OpenStack Platform 13 (Queens)qemu-kvm-rhevNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-120
https://bugzilla.redhat.com/show_bug.cgi?id=1812659qemu: hw/display/bochs-display.c does not ensure a sufficient PCI config space allocation leading to a buffer overflow involving the PCIe extended config space

EPSS

Процентиль: 40%
0.00178
Низкий

5.8 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2019-15034

CVSS3: 5.8
ubuntu
больше 5 лет назад

hw/display/bochs-display.c in QEMU 4.0.0 does not ensure a sufficient PCI config space allocation, leading to a buffer overflow involving the PCIe extended config space.

nvd логотип

CVE-2019-15034

CVSS3: 5.8
nvd
больше 5 лет назад

hw/display/bochs-display.c in QEMU 4.0.0 does not ensure a sufficient PCI config space allocation, leading to a buffer overflow involving the PCIe extended config space.

debian логотип

CVE-2019-15034

CVSS3: 5.8
debian
больше 5 лет назад

hw/display/bochs-display.c in QEMU 4.0.0 does not ensure a sufficient ...

github логотип

GHSA-7pcg-64mr-xg9c

CVSS3: 5.8
github
около 3 лет назад

hw/display/bochs-display.c in QEMU 4.0.0 does not ensure a sufficient PCI config space allocation, leading to a buffer overflow involving the PCIe extended config space.

suse-cvrf логотип

openSUSE-SU-2020:0468-1

suse-cvrf
около 5 лет назад

Security update for qemu

EPSS

Процентиль: 40%
0.00178
Низкий

5.8 Medium

CVSS3

Уязвимость CVE-2019-15034