CVE-2019-3812

Summary

QEMU, through version 2.10 and through version 3.1.0, is vulnerable to an out-of-bounds read of up to 128 bytes in the hw/i2c/i2c-ddc.c:i2c_ddc() function. A local attacker with permission to execute i2c commands could exploit this to read stack memory of the qemu process on the host.

Affected Software

VendorProductVersion RangeStatus
The QEMU Projectqemuthrough version 2.10 and through to 3.1.0affected

Weaknesses

  • CWE-119: CWE-119

ADP Enrichment

CVE Program Container

Additional References

References