QEMU 'i2c_ddc()' function out-of-bounds read vulnerability

QEMU Quick Emulator is a set of simulation processor software by French software developer Fabrice Bellard. The software is fast, cross-platform and other characteristics. An out-of-bounds read vulnerability exists in the 'i2cddc' function of the hw/i2c/i2c-ddc.c file in QEMU versions 2.10 and...

CVE-2019-3812

QEMU, through version 2.10 and through version 3.1.0, is vulnerable to an out-of-bounds read of up to 128 bytes in the hw/i2c/i2c-ddc.c:i2cddc function. A local attacker with permission to execute i2c commands could exploit this to read stack memory of the qemu process on the host...