CVE-2019-3812
PUBLISHED
QEMU, through version 2.10 and through version 3.1.0, is vulnerable to an out-of-bounds read of up to 128 bytes in the hw/i2c/i2c-ddc.c:i2c_ddc() function. A local attacker with permission to execute i2c commands could exploit this to read stack memory of the qemu process on the host.
Risk Scores
EPSS Score: 0.07% (22.4th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:18.04:LTS | qemu | 0, 1:2.10+dfsg-0ubuntu3, 1:2.10+dfsg-0ubuntu4 |
Exploit Intelligence
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3812 (circl)
- 107059 (circl)
- FEDORA-2019-88a98ce795 (circl)
- USN-3923-1 (circl)
- FEDORA-2019-0664c7724d (circl)
- openSUSE-SU-2019:1274 (circl)
- openSUSE-SU-2019:1405 (circl)
- DSA-4454 (circl)
- 20190531 [SECURITY] [DSA 4454-1] qemu security update (circl)
Timeline
- Feb 17, 2019 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2019-3812 third-party-advisory
- https://ubuntu.com/security/notices/USN-3923-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2019-3812 third-party-advisory