What is the severity of CVE-2019-3812?

CVE-2019-3812 has been classified with a medium severity level due to the potential for local attackers to exploit vulnerabilities in QEMU.

How do I fix CVE-2019-3812?

To fix CVE-2019-3812, update QEMU to a version later than 3.1.0 or apply the corresponding patches provided by your Linux distribution.

Who is affected by CVE-2019-3812?

CVE-2019-3812 affects QEMU versions from 2.10 to 3.1.0 across several Linux distributions including Debian, Fedora, and Ubuntu.

What can an attacker achieve by exploiting CVE-2019-3812?

Exploiting CVE-2019-3812 allows a local attacker with permission to execute i2c commands to read up to 128 bytes of stack memory from the QEMU process.

Which specific software versions are vulnerable to CVE-2019-3812?

The vulnerable versions include QEMU 2.10 up to 3.1.0 across various distributions, as well as certain packaged versions from Debian and other Linux systems.

Vulnerability/
CVE-2019-3812

medium

5.5

CWE

119 125

19/2/2019

21/11/2024

CVE-2019-3812: Buffer Overflow

First published: Tue Feb 19 2019(Updated: )

Last updated 24 July 2024

Credit: secalert@redhat.com secalert@redhat.com secalert@redhat.com

Affected Software	Affected Version	How to fix
debian/qemu		1:5.2+dfsg-11+deb11u3 1:5.2+dfsg-11+deb11u2 1:7.2+dfsg-7+deb12u7 1:9.1.2+ds-1
QEMU KVM	>=2.10.0<=3.1.0
Fedoraproject Fedora	=29
Fedoraproject Fedora	=30
Ubuntu Linux	=18.04
Ubuntu Linux	=18.10
openSUSE	=42.3

Remedy

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3812

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2019-3812?
CVE-2019-3812 has been classified with a medium severity level due to the potential for local attackers to exploit vulnerabilities in QEMU.
How do I fix CVE-2019-3812?
To fix CVE-2019-3812, update QEMU to a version later than 3.1.0 or apply the corresponding patches provided by your Linux distribution.
Who is affected by CVE-2019-3812?
CVE-2019-3812 affects QEMU versions from 2.10 to 3.1.0 across several Linux distributions including Debian, Fedora, and Ubuntu.
What can an attacker achieve by exploiting CVE-2019-3812?
Exploiting CVE-2019-3812 allows a local attacker with permission to execute i2c commands to read up to 128 bytes of stack memory from the QEMU process.
Which specific software versions are vulnerable to CVE-2019-3812?
The vulnerable versions include QEMU 2.10 up to 3.1.0 across various distributions, as well as certain packaged versions from Debian and other Linux systems.

agent/type
collector/launchpad-cve
source/Launchpad
agent/weakness
collector/mitre-cve
source/MITRE
agent/severity
collector/usn-cve
source/Ubuntu
agent/references
agent/remedy
agent/first-publish-date
agent/description
agent/last-modified-date
agent/author
agent/event
collector/security-tracker-debian
source/Debian
agent/software-canonical-lookup
agent/trending
agent/source
agent/tags
agent/softwarecombine
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-cve
source/NVD
collector/nvd-api
package-manager/debian
vendor/qemu
canonical/qemu kvm
version/qemu kvm/2.10.0
version/qemu kvm/3.1.0
vendor/fedoraproject
canonical/fedoraproject fedora
version/fedoraproject fedora/29
version/fedoraproject fedora/30
vendor/canonical
canonical/ubuntu linux
version/ubuntu linux/18.04
version/ubuntu linux/18.10
vendor/opensuse
canonical/opensuse
version/opensuse/42.3

Frequently Asked Questions

What is the severity of CVE-2019-3812?
CVE-2019-3812 has been classified with a medium severity level due to the potential for local attackers to exploit vulnerabilities in QEMU.
How do I fix CVE-2019-3812?
To fix CVE-2019-3812, update QEMU to a version later than 3.1.0 or apply the corresponding patches provided by your Linux distribution.
Who is affected by CVE-2019-3812?
CVE-2019-3812 affects QEMU versions from 2.10 to 3.1.0 across several Linux distributions including Debian, Fedora, and Ubuntu.
What can an attacker achieve by exploiting CVE-2019-3812?
Exploiting CVE-2019-3812 allows a local attacker with permission to execute i2c commands to read up to 128 bytes of stack memory from the QEMU process.
Which specific software versions are vulnerable to CVE-2019-3812?
The vulnerable versions include QEMU 2.10 up to 3.1.0 across various distributions, as well as certain packaged versions from Debian and other Linux systems.

CVE-2019-3812: Buffer Overflow

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2019-3812?

How do I fix CVE-2019-3812?

Who is affected by CVE-2019-3812?

What can an attacker achieve by exploiting CVE-2019-3812?

Which specific software versions are vulnerable to CVE-2019-3812?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2019-3812?

How do I fix CVE-2019-3812?

Who is affected by CVE-2019-3812?

What can an attacker achieve by exploiting CVE-2019-3812?

Which specific software versions are vulnerable to CVE-2019-3812?