What is the vulnerability ID of this vulnerability?

The vulnerability ID is CVE-2019-9824.

What is the severity of CVE-2019-9824?

The severity of CVE-2019-9824 is low.

How can I fix CVE-2019-9824?

To fix CVE-2019-9824, update QEMU to version 3.1+dfsg-2ubuntu4 or later.

Where can I find more information about CVE-2019-9824?

You can find more information about CVE-2019-9824 at the following references: https://lists.gnu.org/archive/html/qemu-devel/2019-03/msg01871.html, https://www.openwall.com/lists/oss-security/2019/03/18/1, https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1689794.

Vulnerability/
CVE-2019-9824

medium

5.5

CWE

908 200

19/2/2019

1/3/2019

3/6/2019

21/11/2024

CVE-2019-9824: Infoleak

First published: Tue Feb 19 2019(Updated: )

An information leak issue was found in the SLiRP networking implementation of the QEMU emulator. It occurs in tcp_emu() routine while emulating Identification protocol and crafted/malformed messages are sent making it return uninitialized variables. A user/process could use this flaw to read uninitialised stack memory contents from the QEMU process resulting in information leakage. Upstream patch: --------------- -> <a href="https://lists.gnu.org/archive/html/qemu-devel/2019-03/msg01871.html">https://lists.gnu.org/archive/html/qemu-devel/2019-03/msg01871.html</a> Reference: ---------- -> <a href="https://www.openwall.com/lists/oss-security/2019/03/18/1">https://www.openwall.com/lists/oss-security/2019/03/18/1</a>

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
redhat/qemu-kvm	<2:0.12.1.2-2.506.el6_10.4	2:0.12.1.2-2.506.el6_10.4
redhat/qemu-kvm	<10:1.5.3-167.el7	10:1.5.3-167.el7
redhat/qemu-kvm-rhev	<10:2.12.0-33.el7	10:2.12.0-33.el7
QEMU qemu	=3.0.0
debian/qemu		1:5.2+dfsg-11+deb11u3 1:5.2+dfsg-11+deb11u2 1:7.2+dfsg-7+deb12u7 1:9.2.0+ds-2
debian/slirp4netns		1.0.1-2 1.2.0-1 1.2.1-1

Remedy

https://lists.gnu.org/archive/html/qemu-devel/2019-03/msg00400.html

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Frequently Asked Questions

What is the vulnerability ID of this vulnerability?
The vulnerability ID is CVE-2019-9824.
What is the severity of CVE-2019-9824?
The severity of CVE-2019-9824 is low.
What is the affected software?
The affected software is QEMU.
How can I fix CVE-2019-9824?
To fix CVE-2019-9824, update QEMU to version 3.1+dfsg-2ubuntu4 or later.
Where can I find more information about CVE-2019-9824?
You can find more information about CVE-2019-9824 at the following references: https://lists.gnu.org/archive/html/qemu-devel/2019-03/msg01871.html, https://www.openwall.com/lists/oss-security/2019/03/18/1, https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1689794.

collector/redhat-cve
collector/nvd-index
agent/type
agent/first-publish-date
collector/launchpad-cve
source/Launchpad
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2019-9824
agent/author
agent/weakness
agent/severity
collector/mitre-cve
source/MITRE
collector/usn-cve
source/Ubuntu
agent/remedy
agent/references
agent/tags
agent/description
agent/event
collector/nvd-cve
source/NVD
agent/software-canonical-lookup
agent/last-modified-date
collector/security-tracker-debian
source/Debian
agent/softwarecombine
agent/trending
package-manager/redhat
vendor/qemu
canonical/qemu qemu
version/qemu qemu/3.0.0
package-manager/debian