CVE-2019-3812

Published: 18 Feb 2019
Source: redhat
CVSS3: 4.4
EPSS: Low

Description

QEMU, through version 2.10 and through version 3.1.0, is vulnerable to an out-of-bounds read of up to 128 bytes in the hw/i2c/i2c-ddc.c:i2c_ddc() function. A local attacker with permission to execute i2c commands could exploit this to read stack memory of the qemu process on the host.

QEMU, through version 2.10 and through version 3.1.0, is vulnerable to an out-of-bounds read of up to 128 bytes in the i2c_ddc() function. A local attacker with permission to execute i2c commands could exploit this to read stack memory of the QEMU process on the host.

Affected packages

| Platform | Package | State | Recommendation | Release |
| --- | --- | --- | --- | --- |
| Red Hat Enterprise Linux 5 | kvm | Not affected | | |
| Red Hat Enterprise Linux 5 | xen | Not affected | | |
| Red Hat Enterprise Linux 6 | qemu-kvm | Not affected | | |
| Red Hat Enterprise Linux 7 | qemu-kvm | Not affected | | |
| Red Hat Enterprise Linux 7 | qemu-kvm-rhev | Not affected | | |
| Red Hat Enterprise Linux 8 | qemu-kvm | Not affected | | |
| Red Hat OpenStack Platform 10 (Newton) | qemu-kvm-rhev | Not affected | | |
| Red Hat OpenStack Platform 13 (Queens) | qemu-kvm-rhev | Not affected | | |
| Red Hat OpenStack Platform 14 (Rocky) | qemu-kvm-rhev | Not affected | | |
| Red Hat OpenStack Platform 8 (Liberty) | qemu-kvm-rhev | Not affected | | |

Additional information

Status: Moderate
Defect: CWE-119
https://bugzilla.redhat.com/show_bug.cgi?id=1665792
qemu: Out-of-bounds read in hw/i2c/i2c-ddc.c allows for memory disclosure

EPSS: 0.00078 (percentile: 24%), Low

CVSS3: 4.4 Medium

Related vulnerabilities

CVSS3: 4.4
ubuntu
more than 6 years ago

QEMU, through version 2.10 and through version 3.1.0, is vulnerable to an out-of-bounds read of up to 128 bytes in the hw/i2c/i2c-ddc.c:i2c_ddc() function. A local attacker with permission to execute i2c commands could exploit this to read stack memory of the qemu process on the host.

CVSS3: 4.4
nvd
more than 6 years ago

QEMU, through version 2.10 and through version 3.1.0, is vulnerable to an out-of-bounds read of up to 128 bytes in the hw/i2c/i2c-ddc.c:i2c_ddc() function. A local attacker with permission to execute i2c commands could exploit this to read stack memory of the qemu process on the host.

CVSS3: 4.4
debian
more than 6 years ago

QEMU, through version 2.10 and through version 3.1.0, is vulnerable to ...

CVSS3: 5.5
github
about 3 years ago

QEMU, through version 2.10 and through version 3.1.0, is vulnerable to an out-of-bounds read of up to 128 bytes in the hw/i2c/i2c-ddc.c:i2c_ddc() function. A local attacker with permission to execute i2c commands could exploit this to read stack memory of the qemu process on the host.

CVSS3: 5.5
fstec
about 6 years ago

Vulnerability in the i2c_ddc functions of the QEMU hardware emulator that allows an attacker to disclose protected information
