Description: The Bluetooth subsystem in QEMU mishandles negative values for length variables, leading to memory corruption.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub advisories/code/issues, web search, more)
Debian Bugs: 916278

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| qemu (PTS) | buster, buster (security) | 1:3.1+dfsg-8+deb10u8 | fixed |
| qemu (PTS) | bullseye (security), bullseye | 1:5.2+dfsg-11+deb11u2 | fixed |
| qemu (PTS) | bookworm, sid | 1:7.0+dfsg-7 | fixed |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|


[stretch] - qemu <ignored> (Minor issue)
[jessie] - qemu <ignored> (Minor issue, bluetooth subsystem unmaintained/unusable and now deprecated, no sanctioned patch)
initial patch disputed
second patch never accepted, no activity as of 20190909 (bluetooth subsystem deprecated in 3.1) (bluetooth subsystem removed in 5.0)
