CVE-2023-4135

Out-of-bounds read information disclosure vulnerability

Published: 8/4/2023 Last updated: 8/2/2024 Reserved: 8/3/2023

A heap out-of-bounds memory read flaw was found in the virtual nvme device in QEMU. The QEMU process does not validate an offset provided by the guest before computing a host heap pointer, which is used for copying data back to the guest. Arbitrary heap memory relative to an allocated buffer can be disclosed.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Metrics

| Version | Score | Severity | Vector String |
|---|---|---|---|
| 3.1 | 6 | Medium | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N |

Opam packages affected (2)

conf-qemu-img nbd-tool

Products affected (9)

| Product | Vendor | Version |
|---|---|---|
| Fedora | Fedora | n/a |
| Extra Packages for Enterprise Linux | Fedora | n/a |
| Red Hat Enterprise Linux 9 | Red Hat | < 3.5.1 |
| Red Hat Enterprise Linux 6 | Red Hat | n/a |
| Red Hat Enterprise Linux 7 | Red Hat | Android-11 |
| Red Hat Enterprise Linux 7 | Red Hat | < 102.5 |
| Red Hat Enterprise Linux 8 Advanced Virtualization | Red Hat | < 18.4 |
| Red Hat Enterprise Linux 8 | Red Hat | n/a |
| qemu-kvm | n/a | n/a |
