Description
A heap out-of-bounds memory read flaw was found in the virtual nvme device in QEMU. The QEMU process does not validate an offset provided by the guest before computing a host heap pointer, which is used for copying data back to the guest. Arbitrary heap memory relative to an allocated buffer can be disclosed.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:NExploitability: 2.0 | Impact: 4.0Attack Vector: Local
Complexity: Low
Privileges: Low
User Interaction: None
Scope: Changed
Confidentiality: High
Integrity: None
Availability: None
Affected Packages3 packages
Also affects: Fedora 38
🔴Vulnerability Details
5OSVqemu regression↗2024-06-06 OSVqemu vulnerabilities↗2024-01-08 CVEListOut-of-bounds read information disclosure vulnerability↗2023-08-04 GHSAGHSA-fw85-m9vg-m8jv: A heap out-of-bounds memory read flaw was found in the virtual nvme device in QEMU↗2023-08-04 OSVCVE-2023-4135: A heap out-of-bounds memory read flaw was found in the virtual nvme device in QEMU↗2023-08-04 📋Vendor Advisories
4UbuntuQEMU regression↗2024-06-06 UbuntuQEMU vulnerabilities↗2024-01-08 Red HatQEMU: NVMe: out-of-bounds read information disclosure vulnerability↗2023-08-03 DebianCVE-2023-4135: qemu - A heap out-of-bounds memory read flaw was found in the virtual nvme device in QE...↗2023