Vulnerability Details CVE-2019-6501
In QEMU 3.1, scsi_handle_inquiry_reply in hw/scsi/scsi-generic.c allows out-of-bounds write and read operations.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 32.9%
CVSS Severity
CVSS v3 Score 5.5
CVSS v2 Score 2.1
References
- http://www.openwall.com/lists/oss-security/2019/01/24/1
- https://access.redhat.com/errata/RHSA-2019:2166
- https://access.redhat.com/errata/RHSA-2019:2425
- https://access.redhat.com/errata/RHSA-2019:2553
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KJMTVGDLA654HNCDGLCUEIP36SNJEKK7/
- https://lists.gnu.org/archive/html/qemu-devel/2019-01/msg02324.html
- https://security.netapp.com/advisory/ntap-20190411-0006/
- http://www.openwall.com/lists/oss-security/2019/01/24/1
- https://access.redhat.com/errata/RHSA-2019:2166
- https://access.redhat.com/errata/RHSA-2019:2425
- https://access.redhat.com/errata/RHSA-2019:2553
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KJMTVGDLA654HNCDGLCUEIP36SNJEKK7/
- https://lists.gnu.org/archive/html/qemu-devel/2019-01/msg02324.html
- https://security.netapp.com/advisory/ntap-20190411-0006/
Products affected by CVE-2019-6501
-
cpe:2.3:a:qemu:qemu:3.1
-
cpe:2.3:o:fedoraproject:fedora:30