Bug 681850 (CVE-2018-20815) - <app-emulation/qemu-3.1.0-r4: device_tree: heap buffer overflow while loading device tree blob
Alias: CVE-2018-20815
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
Whiteboard: B2 [glsa+ cve]
Depends on: CVE-2019-9824
Reported: 2019-03-27 10:27 UTC by Agostino Sarubbo
Modified: 2019-08-03 15:19 UTC
CC List: 2 users

Runtime testing required: ---
stable-bot: sanity-check+

Description Agostino Sarubbo gentoo-dev 2019-03-27 10:27:00 UTC
From ${URL} :

A heap buffer overflow issue was found in the load_device_tree() function of QEMU, which is invoked to load a device tree blob at boot time. It occurs due to device tree size manipulation before buffer allocation, which could overflow a signed int type.

A user/process could use this flaw to potentially execute arbitrary code on a host system with privileges of the QEMU process.

Upstream patch:

'CVE-2018-20815' assigned via ->

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
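An added illustration of the size-before-allocation pattern the description refers to, written for this page rather than taken from QEMU's load_device_tree() or the upstream fix; the FDT_EXTRA_SPACE headroom, the function names and the in-memory blob are assumptions used to show how the padded size can wrap and how a bounds check before allocation prevents it:

```c
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Headroom added to the blob size so the guest can grow the tree in place.
 * Constructed value for this example; not taken from QEMU's sources. */
#define FDT_EXTRA_SPACE 10000

/* The pattern the report describes: a size read from the file is padded in
 * a signed int before the buffer is allocated. Computed in 64 bits here so
 * the result can be inspected without relying on undefined behaviour. */
bool fdt_padded_size_overflows(int file_size) {
    int64_t padded = (int64_t)file_size + FDT_EXTRA_SPACE;
    return padded > INT_MAX;          /* would wrap negative in a plain int */
}

/* Hardened size computation: reject the blob before any arithmetic can
 * wrap, then return the padded size. -1 means "refuse to load". */
int fdt_alloc_size_checked(int file_size) {
    if (file_size < 0 || file_size > INT_MAX - FDT_EXTRA_SPACE) {
        return -1;
    }
    return file_size + FDT_EXTRA_SPACE;
}

/* Simulated loader: allocate the padded buffer only after the size has been
 * validated, then copy the blob in. `blob` stands in for the file contents.
 * Returns the buffer (caller frees) or NULL when the blob is rejected. */
unsigned char *fdt_load_checked(const unsigned char *blob, int blob_len,
                                int *out_size) {
    int dt_size = fdt_alloc_size_checked(blob_len);
    if (dt_size < 0) {
        return NULL;                  /* blob too large: refuse, do not wrap */
    }
    unsigned char *fdt = calloc((size_t)dt_size, 1);
    if (fdt == NULL) {
        return NULL;
    }
    memcpy(fdt, blob, (size_t)blob_len); /* blob_len <= dt_size by construction */
    *out_size = dt_size;
    return fdt;
}
```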
Comment 1 Larry the Git Cow gentoo-dev 2019-04-08 02:52:29 UTC
The bug has been referenced in the following commit(s):

commit 6fec2a540ce3e7cbd378287ee2837aeba6406eaf
Author:     Matthias Maier <>
AuthorDate: 2019-04-08 02:26:43 +0000
Commit:     Matthias Maier <>
CommitDate: 2019-04-08 02:51:08 +0000

    app-emulation/qemu: multiple security fixes for 3.1.0
    Package-Manager: Portage-2.3.62, Repoman-2.3.12
    Signed-off-by: Matthias Maier <>

 app-emulation/qemu/Manifest             | 1 +
 app-emulation/qemu/qemu-3.1.0-r4.ebuild | 6 ++----
 2 files changed, 3 insertions(+), 4 deletions(-)
Comment 2 Matthias Maier gentoo-dev 2019-04-08 03:29:03 UTC
Arches, please stabilize app-emulation/qemu-3.1.0-r4
Comment 3 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2019-04-08 13:21:33 UTC
amd64 stable
Comment 4 Thomas Deutschmann (RETIRED) gentoo-dev 2019-04-18 20:35:00 UTC
x86 stable
Comment 5 Aaron Bauman (RETIRED) gentoo-dev 2019-04-18 21:35:30 UTC
@maintainer, please clean vulnerable.
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2019-04-25 00:00:40 UTC
This issue was resolved and addressed in
 GLSA 201904-25 at
by GLSA coordinator Aaron Bauman (b-man).
Comment 7 Aaron Bauman (RETIRED) gentoo-dev 2019-04-25 00:01:12 UTC
re-opened for cleanup