CVE-2023-3180: Heap-based Buffer Overflow in QEMU

Severity
6.5 MEDIUM (NVD)
CNA 6.0 | OSV 3.2

EPSS
0.0% (top 97.71%)

CISA KEV
Not in KEV

Exploit
No known exploits

Timeline
Published: Aug 3
Latest update: Dec 27

Description

A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req. There is no check for the value of `src_len` and `dst_len` in virtio_crypto_sym_op_helper, potentially leading to a heap buffer overflow when the two values differ.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Exploitability: 2.0 | Impact: 4.0

Affected Packages (3 packages)

NVD: qemu/qemu < 8.1.0 (+1)
Debian: qemu/qemu < 1:5.2+dfsg-11+deb11u3 (+3)
Ubuntu: qemu/qemu < 1:4.2-3ubuntu6.28 (+3)

Also affects: Debian Linux 10.0, Fedora 38

Patches

🔴 Vulnerability Details (5)

OSV: qemu regression (2024-06-06)
OSV: qemu vulnerabilities (2024-01-08)
GHSA: GHSA-p36c-2mv6-8m8q: A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req (2023-08-03)
CVEList: Heap buffer overflow in virtio_crypto_sym_op_helper() (2023-08-03)
OSV: CVE-2023-3180: A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req (2023-08-03)

📋 Vendor Advisories (5)

Ubuntu: QEMU regression (2024-06-06)
Ubuntu: QEMU vulnerabilities (2024-01-08)
Microsoft: Heap buffer overflow in virtio_crypto_sym_op_helper() (2023-08-08)
Red Hat: QEMU: virtio-crypto: heap buffer overflow in virtio_crypto_sym_op_helper() (2023-08-03)
Debian: CVE-2023-3180: qemu - A flaw was found in the QEMU virtual crypto device while handling data encryptio... (2023)

📄 Research Papers (1)

arXiv: Breaking Isolation: A New Perspective on Hypervisor Exploitation via Cross-Domain Attacks (2025-12-27)