CVE-2019-5008 - hw/sparc64/sun4u.c in QEMU 3.1.50 is vulnerable to a NULL pointer dereference, which allows the atta

CVE-2019-5008

Summary

hw/sparc64/sun4u.c in QEMU 3.1.50 is vulnerable to a NULL pointer dereference, which allows the attacker to cause a denial of service via a device driver.

References

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00000.html
http://www.securityfocus.com/bid/108024
https://fakhrizulkifli.github.io/posts/2019/01/03/CVE-2019-5008/
https://git.qemu.org/?p=qemu.git;a=history;f=hw/sparc64/sun4u.c;hb=HEAD
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BOE3PVFPMWMXV3DGP2R3XIHAF2ZQU3FS/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RVDHJB2QKXNDU7OFXIHIL5O5VN5QCSZL/
https://usn.ubuntu.com/3978-1/

Vulnerable Configurations

cpe:2.3:a:qemu:qemu:3.1.50:*:*:*:*:*:*:*
cpe:2.3:a:qemu:qemu:3.1.50:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 14-05-2019 - 20:29)
Impact:
Exploitability:

CWE

CWE-476

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:P

refmap via4

bid	108024
fedora	FEDORA-2019-52a8f5468e FEDORA-2019-e9de40d53f
misc	https://fakhrizulkifli.github.io/posts/2019/01/03/CVE-2019-5008/ https://git.qemu.org/?p=qemu.git;a=history;f=hw/sparc64/sun4u.c;hb=HEAD
suse	openSUSE-SU-2019:2041
ubuntu	USN-3978-1

Last major update

14-05-2019 - 20:29

Published

19-04-2019 - 19:29

Last modified

14-05-2019 - 20:29