CVE-2023-1544 — Out-of-bounds Read in Qemu

CWE-125 — Out-of-bounds Read CWE-770 — Allocation of Resources Without Limits or Throttling10 documents7 sources

Severity

6.3MEDIUMNVD

OSV3.2

EPSS

0.1%

top 81.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Qemu Debian Qemu Fedoraproject Fedora +5 more

Timeline

PublishedMar 23

Latest updateJun 6

Description

A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to allocate and initialize a huge number of page tables to be used as a ring of descriptors for CQ and async events, potentially leading to an out-of-bounds read and crash of QEMU.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:HExploitability: 1.8 | Impact: 4.0

Affected Packages9 packages

▶debiandebian/qemu< qemu 1:7.2+dfsg-7+deb12u3 (bookworm)

▶Debianqemu/qemu< 1:5.2+dfsg-11+deb11u4+3

▶Ubuntuqemu/qemu< 1:4.2-3ubuntu6.28+3

▶NVDqemu/qemu7.2.0

▶msrcmsrc/azl3_qemu_8.2.0-1_on_azure_linux_3.0

Also affects: Fedora 37

Patches

Patch: bugzilla.redhat.com ↗Patch: lists.nongnu.org ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

OSV

qemu regression↗2024-06-06

▶

OSV

qemu vulnerabilities↗2024-01-08

▶

GHSA

GHSA-8j56-863j-pww9: A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device↗2023-03-23

▶

OSV

CVE-2023-1544: A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device↗2023-03-23

▶

📋Vendor Advisories

Ubuntu

QEMU regression↗2024-06-06

▶

Ubuntu

QEMU vulnerabilities↗2024-01-08

▶

Microsoft

Qemu: pvrdma: out-of-bounds read in pvrdma_ring_next_elem_read()↗2023-03-14

▶

Red Hat

QEMU: pvrdma: out-of-bounds read in pvrdma_ring_next_elem_read()↗2023-02-27

▶

Debian

CVE-2023-1544: qemu - A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device....↗2023

▶