CVE-2019-15034

low-risk
Published 2020-03-10

hw/display/bochs-display.c in QEMU 4.0.0 does not ensure a sufficient PCI config space allocation, leading to a buffer overflow involving the PCIe extended config space.

Do I need to act?

-
0.19% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.8/10 Medium
LOCAL / HIGH complexity

Affected Products (1)

Affected Vendors

Qemu

References (8)

http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00007.html
Mailing List https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01959.html
https://usn.ubuntu.com/4372-1/
https://www.debian.org/security/2020/dsa-4665
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00007.html
Mailing List https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01959.html
https://usn.ubuntu.com/4372-1/
https://www.debian.org/security/2020/dsa-4665
21
/ 100
low-risk
Severity 15/34 · Moderate
Exploitability 1/34 · Minimal
Exposure 5/34 · Minimal