Home

CVE-2019-15034

Description

hw/display/bochs-display.c in QEMU 4.0.0 does not ensure a sufficient PCI config space allocation, leading to a buffer overflow involving the PCIe extended config space.

Risk Information

Base Score
5.8
MODERATE
Vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
EPSS Score
Exploitation Probability
0.191

Associated Vulnerability

VulnerabilityOS Platform
qemu security update(DSA-4665-1) qemu_3.1+dfsg-8+deb10u5_i386.debLinux
qemu security update(DSA-4665-1) qemu_3.1+dfsg-8+deb10u5_amd64.debLinux
Machine emulator and virtualizer (USN-4372-1) qemu_4.2-3ubuntu6.1_amd64.debLinux
Machine emulator and virtualizer (USN-4372-1) qemu_4.0+dfsg-0ubuntu9.6_i386.debLinux
Machine emulator and virtualizer (USN-4372-1) qemu_4.0+dfsg-0ubuntu9.6_amd64.debLinux
Machine emulator and virtualizer (USN-4372-1) qemu_2.11+dfsg-1ubuntu7.26_i386.debLinux
Machine emulator and virtualizer (USN-4372-1) qemu_2.11+dfsg-1ubuntu7.26_amd64.debLinux
Machine emulator and virtualizer (USN-4372-1) qemu_2.5+dfsg-5ubuntu10.44_i386.debLinux
Machine emulator and virtualizer (USN-4372-1) qemu_2.5+dfsg-5ubuntu10.44_amd64.debLinux
Machine emulator and virtualizer (USN-4372-1) qemu-system_4.2-3ubuntu6.1_amd64.debLinux
Machine emulator and virtualizer (USN-4372-1) qemu-system_4.0+dfsg-0ubuntu9.6_i386.debLinux
Machine emulator and virtualizer (USN-4372-1) qemu-system_4.0+dfsg-0ubuntu9.6_amd64.debLinux
Machine emulator and virtualizer (USN-4372-1) qemu-system_2.11+dfsg-1ubuntu7.26_i386.debLinux
Machine emulator and virtualizer (USN-4372-1) qemu-system_2.11+dfsg-1ubuntu7.26_amd64.debLinux
Machine emulator and virtualizer (USN-4372-1) qemu-system_2.5+dfsg-5ubuntu10.44_i386.debLinux
Machine emulator and virtualizer (USN-4372-1) qemu-system_2.5+dfsg-5ubuntu10.44_amd64.debLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234