CVE-2023-41051 — Out-of-bounds Read in Project Vm-memory
Severity
4.7 MEDIUM (NVD)
EPSS
0.0%
top 95.43%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Sep 1
Latest update: Sep 12
Description
In a typical Virtual Machine Monitor (VMM) there are several components, such as boot loader, virtual device drivers, virtio backend drivers and vhost drivers, that need to access the VM physical memory. The vm-memory Rust crate provides a set of traits to decouple VM memory consumers from VM memory providers. An issue was discovered in the default implementations of the `VolatileMemory::{get_atomic_ref, aligned_as_ref, aligned_as_mut, get_ref, get_array_ref}` trait functions, which allows out-o…
CVSS vector
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
Exploitability: 1.0 | Impact: 3.6
Affected Packages: 11 packages
Patches
Vulnerability Details (4)
OSV: Default functions in VolatileMemory trait lack bounds checks, potentially leading to out-of-bounds memory accesses (2023-09-04)
GHSA: Default functions in VolatileMemory trait lack bounds checks, potentially leading to out-of-bounds memory accesses (2023-09-04)
OSV: CVE-2023-41051: In a typical Virtual Machine Monitor (VMM) there are several components, such as boot loader, virtual device drivers, virtio backend drivers and vhost (2023-09-01)
OSV: Default functions in VolatileMemory trait lack bounds checks, potentially leading to out-of-bounds memory accesses (2023-09-01)