Unrated severityNVD Advisory· Published Feb 19, 2019· Updated Aug 4, 2024
CVE-2019-3812
CVE-2019-3812
Description
QEMU, through version 2.10 and through version 3.1.0, is vulnerable to an out-of-bounds read of up to 128 bytes in the hw/i2c/i2c-ddc.c:i2c_ddc() function. A local attacker with permission to execute i2c commands could exploit this to read stack memory of the qemu process on the host.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
8- osv-coords6 versionspkg:rpm/opensuse/qemu&distro=openSUSE%20Leap%2015.0pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4
< 2.11.2-lp150.7.22.1+ 5 more
- (no CPE)range: < 2.11.2-lp150.7.22.1
- (no CPE)range: < 2.11.2-5.13.1
- (no CPE)range: < 2.11.2-9.25.1
- (no CPE)range: < 2.11.2-9.25.1
- (no CPE)range: < 2.11.2-5.13.1
- (no CPE)range: < 2.11.2-5.13.1
Patches
Vulnerability mechanics
References
9- lists.opensuse.org/opensuse-security-announce/2019-04/msg00094.htmlmitrevendor-advisoryx_refsource_SUSE
- lists.opensuse.org/opensuse-security-announce/2019-05/msg00040.htmlmitrevendor-advisoryx_refsource_SUSE
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CGCFIFSIWUREEQQOZDZFBYKWZHXCWBZN/mitrevendor-advisoryx_refsource_FEDORA
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KJMTVGDLA654HNCDGLCUEIP36SNJEKK7/mitrevendor-advisoryx_refsource_FEDORA
- usn.ubuntu.com/3923-1/mitrevendor-advisoryx_refsource_UBUNTU
- www.debian.org/security/2019/dsa-4454mitrevendor-advisoryx_refsource_DEBIAN
- www.securityfocus.com/bid/107059mitrevdb-entryx_refsource_BID
- bugzilla.redhat.com/show_bug.cgimitrex_refsource_CONFIRM
- seclists.org/bugtraq/2019/May/76mitremailing-listx_refsource_BUGTRAQ
News mentions
0No linked articles in our index yet.