hw/sparc64/sun4u.c in QEMU 3.1.50 is vulnerable to a NULL pointer dereference, which allows a malicious user to cause a denial of service via a device driver.
Debian Bug report logs - #927439
qemu: CVE-2019-5008
Package: src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Fri, 19 Apr 2019 20:42:02 UTC
Severity: important
Tags: patch, security, upstream
Found in version ...
A heap buffer overflow issue was found in the load_device_tree() function of QEMU, which is invoked to load a device tree blob at boot time. It occurs due to device tree size manipulation before buffer allocation, which could overflow a signed int type. A user/process could use this flaw to potentially execute arbitrary code on a host system with p ...