Description
In QEMU 3.1, scsi_handle_inquiry_reply in hw/scsi/scsi-generic.c allows out-of-bounds write and read operations.
References (7)
Core 7
Core References
Mailing List, Patch, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2019/01/24/1
Exploit, Mailing List, Patch, Third Party Advisory mailing-list
x_refsource_mlist
https://lists.gnu.org/archive/html/qemu-devel/2019-01/msg02324.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KJMTVGDLA654HNCDGLCUEIP36SNJEKK7/
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20190411-0006/
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:2166
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:2425
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:2553
Scores
CVSS v3
5.5
EPSS
0.0012
EPSS Percentile
30.3%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-125
CWE-787
Status
published
Products (2)
fedoraproject/fedora
30
qemu/qemu
3.1
Published
Mar 21, 2019
Tracked Since
Feb 18, 2026