Alpaquita Linux Security Advisory

CVE-2023-4135

Published: August 4, 2023
Last modified: September 16, 2023

Description

A heap out-of-bounds memory read flaw was found in the virtual nvme device in QEMU. The QEMU process does not validate an offset provided by the guest before computing a host heap pointer, which is used for copying data back to the guest. Arbitrary heap memory relative to an allocated buffer can be disclosed.

Severity score breakdown

| Parameter | Value |
| --- | --- |
| Base score | 6.5 |
| Attack vector | LOCAL |
| Attack complexity | LOW |
| Privileges required | LOW |
| User interaction | NONE |
| Scope | CHANGED |
| Confidentiality | HIGH |
| Integrity impact | NONE |
| Availability impact | NONE |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N |

Status

| Product | Release | Package | Status |
| --- | --- | --- | --- |
| Alpaquita Linux | 23 LTS | qemu | Vulnerable (7.1.0-r4) |
| Alpaquita Linux | Stream | qemu | Vulnerable (8.0.2-r0) |
