CVE-2019-15034

hw/display/bochs-display.c in QEMU 4.0.0 does not ensure a sufficient PCI config space allocation, leading to a buffer overflow involving the PCIe extended config space.
Classic Buffer Overflow
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.8 MEDIUM
LOCAL
HIGH
LOW
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 40%
Affected Products (NVD)
VendorProductVersion
qemuqemu
4.0.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
qemu
bookworm
1:7.2+dfsg-7+deb12u7
fixed
bullseye
1:5.2+dfsg-11+deb11u3
fixed
bullseye (security)
1:5.2+dfsg-11+deb11u2
fixed
jessie
not-affected
sid
1:9.1.1+ds-2
fixed
stretch
not-affected
trixie
1:9.1.1+ds-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
qemu
bionic
not-affected
eoan
Fixed 1:4.0+dfsg-0ubuntu9.6
released
focal
not-affected
trusty
not-affected
xenial
not-affected
qemu-kvm
bionic
dne
eoan
dne
focal
dne
trusty
dne
xenial
dne
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
qemu
suse enterprise sap 12 SP5
3.1.1.1-3.9.1
fixed
suse enterprise sap 15 SP1
3.1.1.1-9.14.1
fixed
suse enterprise server 12 SP5
3.1.1.1-3.9.1
fixed
suse enterprise server 15 SP1
3.1.1.1-9.14.1
fixed
qemu-arm
suse enterprise sap 12 SP5
3.1.1.1-3.9.1
fixed
suse enterprise sap 15 SP1
3.1.1.1-9.14.1
fixed
suse enterprise server 12 SP5
3.1.1.1-3.9.1
fixed
suse enterprise server 15 SP1
3.1.1.1-9.14.1
fixed
qemu-audio-alsa
suse enterprise sap 12 SP5
3.1.1.1-3.9.1
fixed
suse enterprise sap 15 SP1
3.1.1.1-9.14.1
fixed
suse enterprise server 12 SP5
3.1.1.1-3.9.1
fixed
suse enterprise server 15 SP1
3.1.1.1-9.14.1
fixed
qemu-audio-oss
suse enterprise sap 12 SP5
3.1.1.1-3.9.1
fixed
suse enterprise sap 15 SP1
3.1.1.1-9.14.1
fixed
suse enterprise server 12 SP5
3.1.1.1-3.9.1
fixed
suse enterprise server 15 SP1
3.1.1.1-9.14.1
fixed
qemu-audio-pa
suse enterprise sap 12 SP5
3.1.1.1-3.9.1
fixed
suse enterprise sap 15 SP1
3.1.1.1-9.14.1
fixed
suse enterprise server 12 SP5
3.1.1.1-3.9.1
fixed
suse enterprise server 15 SP1
3.1.1.1-9.14.1
fixed
qemu-audio-sdl
suse enterprise sap 12 SP5
3.1.1.1-3.9.1
fixed
suse enterprise server 12 SP5
3.1.1.1-3.9.1
fixed
qemu-block-curl
suse enterprise sap 12 SP5
3.1.1.1-3.9.1
fixed
suse enterprise sap 15 SP1
3.1.1.1-9.14.1
fixed
suse enterprise server 12 SP5
3.1.1.1-3.9.1
fixed
suse enterprise server 15 SP1
3.1.1.1-9.14.1
fixed
qemu-block-iscsi
suse enterprise sap 12 SP5
3.1.1.1-3.9.1
fixed
suse enterprise sap 15 SP1
3.1.1.1-9.14.1
fixed
suse enterprise server 12 SP5
3.1.1.1-3.9.1
fixed
suse enterprise server 15 SP1
3.1.1.1-9.14.1
fixed
qemu-block-rbd
suse enterprise sap 12 SP5
3.1.1.1-3.9.1
fixed
suse enterprise sap 15 SP1
3.1.1.1-9.14.1
fixed
suse enterprise server 12 SP5
3.1.1.1-3.9.1
fixed
suse enterprise server 15 SP1
3.1.1.1-9.14.1
fixed
qemu-block-ssh
suse enterprise sap 12 SP5
3.1.1.1-3.9.1
fixed
suse enterprise sap 15 SP1
3.1.1.1-9.14.1
fixed
suse enterprise server 12 SP5
3.1.1.1-3.9.1
fixed
suse enterprise server 15 SP1
3.1.1.1-9.14.1
fixed
qemu-guest-agent
suse enterprise sap 12 SP5
3.1.1.1-3.9.1
fixed
suse enterprise sap 15 SP1
3.1.1.1-9.14.1
fixed
suse enterprise server 12 SP5
3.1.1.1-3.9.1
fixed
suse enterprise server 15 SP1
3.1.1.1-9.14.1
fixed
qemu-kvm
suse enterprise sap 12 SP5
3.1.1.1-3.9.1
fixed
suse enterprise sap 15 SP1
3.1.1.1-9.14.1
fixed
suse enterprise server 12 SP5
3.1.1.1-3.9.1
fixed
suse enterprise server 15 SP1
3.1.1.1-9.14.1
fixed
qemu-lang
suse enterprise sap 12 SP5
3.1.1.1-3.9.1
fixed
suse enterprise sap 15 SP1
3.1.1.1-9.14.1
fixed
suse enterprise server 12 SP5
3.1.1.1-3.9.1
fixed
suse enterprise server 15 SP1
3.1.1.1-9.14.1
fixed
qemu-ppc
suse enterprise sap 12 SP5
3.1.1.1-3.9.1
fixed
suse enterprise sap 15 SP1
3.1.1.1-9.14.1
fixed
suse enterprise server 12 SP5
3.1.1.1-3.9.1
fixed
suse enterprise server 15 SP1
3.1.1.1-9.14.1
fixed
qemu-s390
suse enterprise sap 12 SP5
3.1.1.1-3.9.1
fixed
suse enterprise sap 15 SP1
3.1.1.1-9.14.1
fixed
suse enterprise server 12 SP5
3.1.1.1-3.9.1
fixed
suse enterprise server 15 SP1
3.1.1.1-9.14.1
fixed
qemu-seabios
suse enterprise sap 12 SP5
1.12.0-3.9.1
fixed
suse enterprise sap 15 SP1
1.12.0-9.14.1
fixed
suse enterprise server 12 SP5
1.12.0-3.9.1
fixed
suse enterprise server 15 SP1
1.12.0-9.14.1
fixed
qemu-sgabios-8
suse enterprise sap 12 SP5
3.9.1
fixed
suse enterprise sap 15 SP1
9.14.1
fixed
suse enterprise server 12 SP5
3.9.1
fixed
suse enterprise server 15 SP1
9.14.1
fixed
qemu-tools
suse enterprise sap 12 SP5
3.1.1.1-3.9.1
fixed
suse enterprise server 12 SP5
3.1.1.1-3.9.1
fixed
qemu-ui-curses
suse enterprise sap 12 SP5
3.1.1.1-3.9.1
fixed
suse enterprise sap 15 SP1
3.1.1.1-9.14.1
fixed
suse enterprise server 12 SP5
3.1.1.1-3.9.1
fixed
suse enterprise server 15 SP1
3.1.1.1-9.14.1
fixed
qemu-ui-gtk
suse enterprise sap 12 SP5
3.1.1.1-3.9.1
fixed
suse enterprise sap 15 SP1
3.1.1.1-9.14.1
fixed
suse enterprise server 12 SP5
3.1.1.1-3.9.1
fixed
suse enterprise server 15 SP1
3.1.1.1-9.14.1
fixed
qemu-ui-sdl
suse enterprise sap 12 SP5
3.1.1.1-3.9.1
fixed
suse enterprise server 12 SP5
3.1.1.1-3.9.1
fixed
qemu-vgabios
suse enterprise sap 12 SP5
1.12.0-3.9.1
fixed
suse enterprise sap 15 SP1
1.12.0-9.14.1
fixed
suse enterprise server 12 SP5
1.12.0-3.9.1
fixed
suse enterprise server 15 SP1
1.12.0-9.14.1
fixed
qemu-x86
suse enterprise sap 12 SP5
3.1.1.1-3.9.1
fixed
suse enterprise sap 15 SP1
3.1.1.1-9.14.1
fixed
suse enterprise server 12 SP5
3.1.1.1-3.9.1
fixed
suse enterprise server 15 SP1
3.1.1.1-9.14.1
fixed
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00007.html
https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01959.html
https://usn.ubuntu.com/4372-1/
https://www.debian.org/security/2020/dsa-4665
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00007.html
https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01959.html
https://usn.ubuntu.com/4372-1/
https://www.debian.org/security/2020/dsa-4665