CVE-2023-4135

Out-of-bounds read information disclosure vulnerability

Published: 8/4/2023 Last updated: 8/2/2024 Reserved: 8/3/2023

A heap out-of-bounds memory read flaw was found in the virtual nvme device in QEMU. The QEMU process does not validate an offset provided by the guest before computing a host heap pointer, which is used for copying data back to the guest. Arbitrary heap memory relative to an allocated buffer can be disclosed.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Metrics

Version	Score	Severity	Vector String
3.1	6	Medium	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

Opam packages affected (2)

conf-qemu-img nbd-tool

Products affected (12)

Product	Vendor	Version
Extra Packages for Enterprise Linux	Fedora	22.0 ap372643
Fedora	Fedora	15.2(6)E2b
Red Hat Enterprise Linux 7	Red Hat	ArubaOS 8.11.x.x: 8.11.2.0 and below
Red Hat Enterprise Linux 7	Red Hat	<= 6.15.*
Red Hat Enterprise Linux 9	Red Hat	22.0 ap370615
Red Hat Enterprise Linux 6	Red Hat	22.0 ap370654
Red Hat Enterprise Linux 6	Red Hat	<= 6.12.*
Red Hat Enterprise Linux 7	Red Hat	<= *
Red Hat Enterprise Linux 7	Red Hat	22.0 ap370138
Red Hat Enterprise Linux 8	Red Hat	ArubaOS 8.10.x.x: 8.10.0.9 and below
qemu-kvm	n/a	<= 6.6.*
qemu-kvm	n/a	ArubaOS 10.4.x.x: 10.4.0.3 and below

References (16)

Credits (2)

Red Hat would like to thank Trend Micro Zero Day Initiative for reporting this issue.
Red Hat would like to thank Trend Micro Zero Day Initiative for reporting this issue.