A heap out-of-bounds memory read flaw was found in the virtual nvme device in QEMU. The QEMU process does not validate an offset provided by the guest before computing a host heap pointer, which is used for copying data back to the guest. Arbitrary heap memory relative to an allocated buffer can be disclosed.
| Version | Score | Severity | Vector String |
|---|---|---|---|
| 3.1 | 6 | Medium | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N |
| Product | Vendor | Version |
|---|---|---|
| Fedora | Fedora | n/a |
| Extra Packages for Enterprise Linux | Fedora | n/a |
| Red Hat Enterprise Linux 6 | Red Hat | n/a |
| Red Hat Enterprise Linux 7 | Red Hat | Android-11 |
| Red Hat Enterprise Linux 7 | Red Hat | < 102.5 |
| Red Hat Enterprise Linux 8 | Red Hat | n/a |
| qemu-kvm | n/a | n/a |