Bug 672346 (CVE-2018-19665)

Summary: <app-emulation/qemu-3.1.0: Integer overflow in Bluetooth routines allows memory corruption
Product: Gentoo Security
Reporter: D'juan McDonald (domhnall) <flopwiki>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Severity: normal
CC: tamiko, virtualization
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
Whiteboard: B3 [noglsa cve]
Package list:
Runtime testing required: ---
Bug Depends on: 673108
Bug Blocks:

Description D'juan McDonald (domhnall) 2018-12-01 17:10:34 UTC
An integer overflow resulting in a memory corruption issue was found in various Bluetooth functions. It could occur in routines wherein the 'len' parameter is a 'signed int' which is subsequently converted to an unsigned integer, resulting in memcpy() copying large amounts of memory.

A user inside the guest could use this flaw to crash the Qemu process, resulting in DoS.

Patches: (v2) (v1)

@maintainer(s): please call for stabilization when ready, thank you. 

Gentoo Security Padawan
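The signed-to-unsigned hazard the report describes, as an added example that is not QEMU's code and not part of the original bug report: a negative signed `len` handed to memcpy()'s `size_t` parameter becomes a huge unsigned count. The buffer size, the function names (`naive_copy_len`, `len_is_valid`, `checked_copy`, `demo_checked_copy`) and the constructed sample buffers are all assumptions made for illustration; the fix shown is the general pattern of validating `len` in the signed domain before the conversion happens.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed example: a fixed-size receive buffer standing in for the kind
 * of buffer a packet-handling routine would copy into. Not QEMU's value. */
#define BUF_SIZE 64

/* Shows what memcpy() would actually receive: the implicit int -> size_t
 * conversion turns any negative len into a very large byte count.
 * Returns the converted size without calling memcpy(). */
size_t naive_copy_len(int len)
{
    return (size_t)len;
}

/* Hardened check: accept len only if it is non-negative and fits the
 * destination. The sign test must happen before the cast to size_t. */
bool len_is_valid(int len, size_t dst_size)
{
    if (len < 0)
        return false;
    if ((size_t)len > dst_size)
        return false;
    return true;
}

/* Bounds-checked copy: returns bytes copied, or -1 if len was rejected.
 * A caller that drops the packet on -1 turns the crash into a logged error. */
int checked_copy(uint8_t *dst, size_t dst_size, const uint8_t *src, int len)
{
    if (!len_is_valid(len, dst_size))
        return -1;
    memcpy(dst, src, (size_t)len);
    return len;
}

/* Self-contained driver using constructed static buffers, so the outcome
 * for a given len can be inspected without the caller allocating anything. */
int demo_checked_copy(int len)
{
    static uint8_t dst[BUF_SIZE];
    uint8_t src[BUF_SIZE];
    memset(src, 0xAB, sizeof src); /* constructed payload bytes */
    return checked_copy(dst, sizeof dst, src, len);
}

int main(void)
{
    printf("memcpy would see len=-1 as %zu bytes\n", naive_copy_len(-1));
    printf("checked_copy(len=-1)  -> %d\n", demo_checked_copy(-1));
    printf("checked_copy(len=16)  -> %d\n", demo_checked_copy(16));
    printf("checked_copy(len=%d)  -> %d\n", BUF_SIZE + 1, demo_checked_copy(BUF_SIZE + 1));
    return 0;
}
```

The design point is that the check compares in the signed domain first; a check written as `(size_t)len > dst_size` alone would let -1 through, because the cast happens before the comparison.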
Comment 1 Larry the Git Cow gentoo-dev 2018-12-19 21:47:05 UTC
The bug has been referenced in the following commit(s):

commit 40e4d2a3c32609b313962224ee9d2a96075734b8
Author:     Matthias Maier <>
AuthorDate: 2018-12-19 21:11:21 +0000
Commit:     Matthias Maier <>
CommitDate: 2018-12-19 21:46:41 +0000

    app-emulation/qemu: version bump to 3.1.0
     - use RESTRICT=strip, bug #651422
     - switch to tar.xz, bug #666726
     - add missing use constraints, bug #664474
       qemu_softmmu_targets_riscv32? ( fdt )
       qemu_softmmu_targets_riscv64? ( fdt )
     - 3.1.0 already contains patches for CVE-2018-15746
     - applied patch for CVE-2018-20123
     - disable bt subsystem entirely as a "workaround" for CVE-2018-19665.
       Upstream deprecated the subsystem in November and states that it had
       been dysfunctional for years with likely no users.
    Package-Manager: Portage-2.3.52, Repoman-2.3.12
    Signed-off-by: Matthias Maier <>

 app-emulation/qemu/Manifest                        |   1 +
 .../qemu/files/qemu-3.1.0-CVE-2018-20123.patch     |  35 +
 app-emulation/qemu/files/qemu-binfmt.initd.head    |   2 +-
 app-emulation/qemu/qemu-2.12.0-r3.ebuild           |   2 +-
 app-emulation/qemu/qemu-2.12.1.ebuild              |   2 +-
 app-emulation/qemu/qemu-3.1.0.ebuild               | 821 +++++++++++++++++++++
 6 files changed, 860 insertions(+), 3 deletions(-)
Comment 2 Larry the Git Cow gentoo-dev 2019-02-19 00:19:35 UTC
The bug has been referenced in the following commit(s):

commit 1e67fc2d360f6924368ffdf10519f47bb35e16ab
Author:     Matthias Maier <>
AuthorDate: 2019-02-19 00:11:46 +0000
Commit:     Matthias Maier <>
CommitDate: 2019-02-19 00:19:02 +0000

    app-emulation/qemu: drop vulnerable, bug #678302
    Package-Manager: Portage-2.3.60, Repoman-2.3.12
    Signed-off-by: Matthias Maier <>

 app-emulation/qemu/Manifest           |   2 -
 app-emulation/qemu/metadata.xml       |   2 -
 app-emulation/qemu/qemu-2.12.1.ebuild | 818 ----------------------------------
 3 files changed, 822 deletions(-)
Comment 3 Yury German Gentoo Infrastructure gentoo-dev 2019-03-10 06:17:58 UTC
Arches and Maintainer(s), thank you for your work.
GLSA Vote: No
Closing noglsa.