oss-sec mailing list archives
CVE-2019-3812 - qemu - Out-of-bounds read in hw/i2c/i2c-ddc.c allows for memory disclosure
From: Wade Mealing <wmealing () redhat com>
Date: Mon, 18 Feb 2019 13:21:59 +1000
QEMU through version 2.10 through to 3.1.0 is vulnerable to an out-of-bounds read of up to 128 bytes in the hw/i2c/i2c-ddc.c in the function i2c_ddc() function. A local attacker with permission to execute i2c commands could exploit this to read stack memory of the qemu process on the host. This was fixed upstream in commit 5b267840515730dbf6753495d5b7bd8b04ad1c Systems without a monitor connected are affected, as are virtual monitor is presented to virtual guests. Systems with no graphics cards attached to the virtual host are not affected. This seems to be an information leak of stack contents which can be used to defeat some kernel level protections and simplify further attacks. Red Hat Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1665792 Github patch on qemu: https://github.com/qemu/qemu/commit/b05b267840515730dbf6753495d5b7bd8b04ad1c Thanks, -- Wade Mealing Product Security - Kernel, RHCE Red Hat wmealing () redhat com TRIED. TESTED. TRUSTED.
Current thread:
- CVE-2019-3812 - qemu - Out-of-bounds read in hw/i2c/i2c-ddc.c allows for memory disclosure Wade Mealing (Feb 17)