UBUNTU-CVE-2019-3812

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2019-3812

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-3812.json

JSON Data

https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2019-3812

Upstream

CVE-2019-3812

Downstream

USN-3923-1

Related

USN-3923-1

Published

2019-02-19T00:00:00Z

Modified

2025-09-08T16:45:13Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
4.4 (Medium) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Ubuntu - medium

Summary

[none]

Details

QEMU, through version 2.10 and through version 3.1.0, is vulnerable to an out-of-bounds read of up to 128 bytes in the hw/i2c/i2c-ddc.c:i2c_ddc() function. A local attacker with permission to execute i2c commands could exploit this to read stack memory of the qemu process on the host.

References

Affected packages

Ubuntu:18.04:LTS / qemu

Package

Name: qemu
Purl: pkg:deb/ubuntu/qemu@1:2.11+dfsg-1ubuntu7.12?arch=source&distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:2.11+dfsg-1ubuntu7.12

Affected versions

1:2.*

1:2.10+dfsg-0ubuntu3

1:2.10+dfsg-0ubuntu4

1:2.10+dfsg-0ubuntu5

1:2.11+dfsg-1ubuntu1

1:2.11+dfsg-1ubuntu2

1:2.11+dfsg-1ubuntu4

1:2.11+dfsg-1ubuntu5

1:2.11+dfsg-1ubuntu6

1:2.11+dfsg-1ubuntu7

1:2.11+dfsg-1ubuntu7.1

1:2.11+dfsg-1ubuntu7.2

1:2.11+dfsg-1ubuntu7.3

1:2.11+dfsg-1ubuntu7.4

1:2.11+dfsg-1ubuntu7.5

1:2.11+dfsg-1ubuntu7.6

1:2.11+dfsg-1ubuntu7.7

1:2.11+dfsg-1ubuntu7.8

1:2.11+dfsg-1ubuntu7.9

1:2.11+dfsg-1ubuntu7.10

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "1:2.11+dfsg-1ubuntu7.12",
            "binary_name": "qemu"
        },
        {
            "binary_version": "1:2.11+dfsg-1ubuntu7.12",
            "binary_name": "qemu-block-extra"
        },
        {
            "binary_version": "1:2.11+dfsg-1ubuntu7.12",
            "binary_name": "qemu-guest-agent"
        },
        {
            "binary_version": "1:2.11+dfsg-1ubuntu7.12",
            "binary_name": "qemu-kvm"
        },
        {
            "binary_version": "1:2.11+dfsg-1ubuntu7.12",
            "binary_name": "qemu-system"
        },
        {
            "binary_version": "1:2.11+dfsg-1ubuntu7.12",
            "binary_name": "qemu-system-arm"
        },
        {
            "binary_version": "1:2.11+dfsg-1ubuntu7.12",
            "binary_name": "qemu-system-common"
        },
        {
            "binary_version": "1:2.11+dfsg-1ubuntu7.12",
            "binary_name": "qemu-system-mips"
        },
        {
            "binary_version": "1:2.11+dfsg-1ubuntu7.12",
            "binary_name": "qemu-system-misc"
        },
        {
            "binary_version": "1:2.11+dfsg-1ubuntu7.12",
            "binary_name": "qemu-system-ppc"
        },
        {
            "binary_version": "1:2.11+dfsg-1ubuntu7.12",
            "binary_name": "qemu-system-s390x"
        },
        {
            "binary_version": "1:2.11+dfsg-1ubuntu7.12",
            "binary_name": "qemu-system-sparc"
        },
        {
            "binary_version": "1:2.11+dfsg-1ubuntu7.12",
            "binary_name": "qemu-system-x86"
        },
        {
            "binary_version": "1:2.11+dfsg-1ubuntu7.12",
            "binary_name": "qemu-user"
        },
        {
            "binary_version": "1:2.11+dfsg-1ubuntu7.12",
            "binary_name": "qemu-user-binfmt"
        },
        {
            "binary_version": "1:2.11+dfsg-1ubuntu7.12",
            "binary_name": "qemu-user-static"
        },
        {
            "binary_version": "1:2.11+dfsg-1ubuntu7.12",
            "binary_name": "qemu-utils"
        }
    ],
    "availability": "No subscription required"
}