QEMU through version 2.10 through to 3.1.0 is vulnerable to an out-of-bounds read of up to 128 bytes in the hw/i2c/i2c-ddc.c:i2c_ddc() function. A local attacker with permission to execute i2c commands could exploit this to read stack memory of the qemu process on the host. Systems without a monitor connected are affected, a virtual monitor is presented to virtual guests. Systems with no graphics cards attached to the virtual host are not affected. Upstream patch: https://github.com/qemu/qemu/commit/b05b267840515730dbf6753495d5b7bd8b04ad1c