A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtiocryptohandlesymreq. There is no check for the value of src_len
and dst_len
in virtiocryptosymophelper, potentially leading to a heap buffer overflow when the two values differ.