A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in `virtio_crypto_handle_sym_req`. The values of `src_len` and `dst_len` are not checked in `virtio_crypto_sym_op_helper`, potentially leading to a heap buffer overflow when the two values differ.
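
A simplified model of the missing length check, as an added example that is not QEMU's code or its patch. `struct sym_req`, `MAX_REQ_SIZE`, the function names and the XOR stand-in cipher are assumptions made for illustration; only `src_len` and `dst_len` come from the description above.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#define MAX_REQ_SIZE (1u << 20)  /* assumed per-request cap, not a QEMU constant */

/* Hypothetical, simplified model of a guest-supplied cipher request. */
struct sym_req {
    uint32_t src_len;    /* bytes of input the guest asks to transform */
    uint32_t dst_len;    /* bytes the guest says the output buffer holds */
    const uint8_t *src;
};

/* Reject requests whose lengths would let the cipher write past dst. */
static int sym_req_validate(const struct sym_req *r)
{
    /* 64-bit sum so two large 32-bit lengths cannot wrap below the cap. */
    uint64_t total = (uint64_t)r->src_len + r->dst_len;
    if (total > MAX_REQ_SIZE)
        return -1;
    /* The cipher emits src_len bytes, so dst must be exactly that size. */
    if (r->src_len != r->dst_len)
        return -1;
    return 0;
}

/* Stand-in cipher (XOR) writing src_len bytes into a dst_len-byte heap buffer. */
static int sym_req_process(const struct sym_req *r, uint8_t **out)
{
    *out = NULL;
    if (sym_req_validate(r) != 0)
        return -1;  /* without this check the loop below could overrun dst */
    uint8_t *dst = malloc(r->dst_len ? r->dst_len : 1);
    if (!dst)
        return -1;
    for (uint32_t i = 0; i < r->src_len; i++)
        dst[i] = (uint8_t)(r->src[i] ^ 0x5a);
    *out = dst;
    return 0;
}

int main(void)
{
    static const uint8_t data[16] = {1, 2, 3, 4};  /* constructed sample input */
    struct sym_req ok = {16, 16, data}, bad = {16, 8, data};
    uint8_t *out;
    printf("equal lengths: %d\n", sym_req_process(&ok, &out));
    free(out);
    printf("dst shorter than src: %d\n", sym_req_process(&bad, &out));
    return 0;
}
```
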

| Version | Score | Severity | Vector String |
|---|---|---|---|
| 3.1 | 6 | Medium | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H |

| Product | Vendor | Version |
|---|---|---|
| Red Hat Enterprise Linux 8 Advanced Virtualization | Red Hat | < 22.4R3-S8 |