Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2023-1544

Опубликовано: 27 фев. 2023
Источник: redhat
CVSS3: 6
EPSS Низкий

Описание

A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to allocate and initialize a huge number of page tables to be used as a ring of descriptors for CQ and async events, potentially leading to an out-of-bounds read and crash of QEMU.

Отчет

The versions of qemu-kvm as shipped with Red Hat Enterprise Linux and RHEL Advanced Virtualization are not affected by this flaw, as they are not built with PVRDMA support.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6qemu-kvmNot affected
Red Hat Enterprise Linux 7qemu-kvmNot affected
Red Hat Enterprise Linux 7qemu-kvm-maNot affected
Red Hat Enterprise Linux 8virt:rhel/qemu-kvmNot affected
Red Hat Enterprise Linux 8 Advanced Virtualizationvirt:8.2/qemu-kvmNot affected
Red Hat Enterprise Linux 8 Advanced Virtualizationvirt:av/qemu-kvmNot affected
Red Hat Enterprise Linux 9qemu-kvmNot affected
Red Hat OpenStack Platform 13 (Queens)qemu-kvm-rhevNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-125
https://bugzilla.redhat.com/show_bug.cgi?id=2180364QEMU: pvrdma: out-of-bounds read in pvrdma_ring_next_elem_read()

EPSS

Процентиль: 14%
0.00046
Низкий

6 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2023-1544

CVSS3: 6
ubuntu
больше 2 лет назад

A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to allocate and initialize a huge number of page tables to be used as a ring of descriptors for CQ and async events, potentially leading to an out-of-bounds read and crash of QEMU.

nvd логотип

CVE-2023-1544

CVSS3: 6
nvd
больше 2 лет назад

A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to allocate and initialize a huge number of page tables to be used as a ring of descriptors for CQ and async events, potentially leading to an out-of-bounds read and crash of QEMU.

msrc логотип

CVE-2023-1544

CVSS3: 6.3
msrc
2 месяца назад

Описание отсутствует

debian логотип

CVE-2023-1544

CVSS3: 6
debian
больше 2 лет назад

A flaw was found in the QEMU implementation of VMWare's paravirtual RD ...

github логотип

GHSA-8j56-863j-pww9

CVSS3: 5.5
github
больше 2 лет назад

A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to allocate and initialize a huge number of page tables to be used as a ring of descriptors for CQ and async events, potentially leading to an out-of-bounds read and crash of QEMU.

EPSS

Процентиль: 14%
0.00046
Низкий

6 Medium

CVSS3