CVE-2023-4135

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-4135

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-4135.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-4135

Related

USN-6567-1

Published

2023-08-04T14:15:12Z

Modified

2024-09-03T04:35:13.536306Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

A heap out-of-bounds memory read flaw was found in the virtual nvme device in QEMU. The QEMU process does not validate an offset provided by the guest before computing a host heap pointer, which is used for copying data back to the guest. Arbitrary heap memory relative to an allocated buffer can be disclosed.

References

Affected packages

Git / github.com/qemu/qemu

Affected ranges

Type: GIT
Repo: https://github.com/qemu/qemu
Events: Introduced

c1eb2ddf0f8075faddc5f7c3d39feae3e8e9d6b4

Fixed

7e5a8bb22368b3555644cb2debd3df24592f3a21

Affected versions

v8.*

v8.0.0

v8.1.0-rc0

v8.1.0-rc1

v8.1.0-rc2

v8.1.0-rc3

v8.1.0-rc4