CVE-2019-5008: Null Pointer Dereference
First published: Fri Apr 19 2019(Updated: )
hw/sparc64/sun4u.c in QEMU 3.1.50 is vulnerable to a NULL pointer dereference, which allows the attacker to cause a denial of service via a device driver.
Credit: cve@mitre.org cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/qemu | 1:5.2+dfsg-11+deb11u3 1:5.2+dfsg-11+deb11u2 1:7.2+dfsg-7+deb12u12 1:9.2.0+ds-2 1:9.2.0+ds-5 | |
| QEMU KVM | =3.1.50 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00000.html
- http://www.securityfocus.com/bid/108024
- https://fakhrizulkifli.github.io/posts/2019/01/03/CVE-2019-5008/
- https://git.qemu.org/?p=qemu.git;a=history;f=hw/sparc64/sun4u.c;hb=HEAD
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BOE3PVFPMWMXV3DGP2R3XIHAF2ZQU3FS/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RVDHJB2QKXNDU7OFXIHIL5O5VN5QCSZL/
- https://usn.ubuntu.com/3978-1/
- https://launchpad.net/bugs/cve/CVE-2019-5008
- https://git.qemu.org/?p=qemu.git%3Ba=history%3Bf=hw/sparc64/sun4u.c%3Bhb=HEAD
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BOE3PVFPMWMXV3DGP2R3XIHAF2ZQU3FS/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RVDHJB2QKXNDU7OFXIHIL5O5VN5QCSZL/
- https://git.qemu.org/?p=qemu.git;a=commit;h=ad280559c68360c9f1cd7be063857853759e6a73
- https://git.qemu.org/?p=qemu.git;a=commitdiff;h=25c5d5acfbaa148b2da64b1f2c1401f87ebb0bb4
- https://security-tracker.debian.org/tracker/CVE-2019-5008
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5008
- https://nvd.nist.gov/vuln/detail/CVE-2019-5008
- https://ubuntu.com/security/CVE-2019-5008
Frequently Asked Questions
What is CVE-2019-5008?
CVE-2019-5008 is a vulnerability in QEMU 3.1.50 that allows an attacker to cause a denial of service via a device driver.
How can the CVE-2019-5008 vulnerability be exploited?
The CVE-2019-5008 vulnerability can be exploited by triggering a NULL pointer dereference in the hw/sparc64/sun4u.c file of QEMU 3.1.50.
What is the severity of CVE-2019-5008?
The severity of CVE-2019-5008 is not mentioned in the provided information.
How do I fix the CVE-2019-5008 vulnerability?
To fix the CVE-2019-5008 vulnerability, update QEMU to version 2.0.0+dfsg-2ubuntu1.46 (for Ubuntu), 1:2.12+dfsg-3ubuntu8.7 (for Ubuntu), 1:3.1+dfsg-2ubuntu3.1 (for Ubuntu), 1:3.1+dfsg-8+deb10u8 or later (for Debian).
Where can I find more information about CVE-2019-5008?
You can find more information about CVE-2019-5008 at the following references: http://www.securityfocus.com/bid/108024, https://fakhrizulkifli.github.io/posts/2019/01/03/CVE-2019-5008/, https://git.qemu.org/?p=qemu.git;a=history;f=hw/sparc64/sun4u.c;hb=HEAD
- agent/type
- collector/launchpad-cve
- source/Launchpad
- agent/severity
- agent/weakness
- collector/mitre-cve
- source/MITRE
- collector/usn-cve
- source/Ubuntu
- agent/references
- agent/remedy
- agent/description
- agent/first-publish-date
- agent/last-modified-date
- agent/author
- agent/event
- agent/trending
- collector/security-tracker-debian
- source/Debian
- agent/software-canonical-lookup
- agent/source
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-cve
- collector/nvd-index
- agent/softwarecombine
- agent/tags
- package-manager/debian
- vendor/qemu
- canonical/qemu kvm
- version/qemu kvm/3.1.50