qemu: CVE-2023-4135

Related Vulnerabilities: CVE-2023-4135, CVE-2023-40360

Debian Bug report logs - #1050142
qemu: CVE-2023-4135

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Sun, 20 Aug 2023 19:27:02 UTC

Severity: important

Tags: security, upstream

Found in versions qemu/1:8.0~rc2+dfsg-1, qemu/1:8.0.4+dfsg-1, qemu/1:8.0+dfsg-1

Fixed in version qemu/1:8.0.4+dfsg-2

Done: Michael Tokarev <mjt@tls.msk.ru>


Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>:
Bug#1050142; Package src:qemu. (Sun, 20 Aug 2023 19:27:04 GMT).


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>. (Sun, 20 Aug 2023 19:27:04 GMT).


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: qemu: CVE-2023-4135
Date: Sun, 20 Aug 2023 21:24:57 +0200
Source: qemu
Version: 1:8.0.4+dfsg-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>

Hi,

The following vulnerability was published for qemu.

CVE-2023-4135[0]:
| A heap out-of-bounds memory read flaw was found in the virtual nvme
| device in QEMU. The QEMU process does not validate an offset
| provided by the guest before computing a host heap pointer, which is
| used for copying data back to the guest. Arbitrary heap memory
| relative to an allocated buffer can be disclosed.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-4135
    https://www.cve.org/CVERecord?id=CVE-2023-4135
[1] https://www.zerodayinitiative.com/advisories/ZDI-CAN-21521
[2] https://gitlab.com/qemu-project/qemu/-/commit/ecb1b7b082d3b7dceff0e486a114502fc52c0fdf

Regards,
Salvatore
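
The flaw class in the CVE text above (a guest-supplied offset used to form a host heap pointer without validation), as an added example that is not part of the bug report and is not QEMU's code: a simplified C model in which all names (`log_page_read`, `clamp_only_len`, the status codes) are hypothetical. It shows why clamping only the copy length does not help and where the offset check belongs.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical status codes for this model; not QEMU's constants. */
enum { LOG_OK = 0, LOG_INVALID_FIELD = -1 };

static size_t min_sz(size_t a, size_t b) { return a < b ? a : b; }

/*
 * Length an unchecked handler would copy if it only clamps the length.
 * With off > log_size the unsigned subtraction wraps to a huge value,
 * so the clamp returns buf_len and the read would start past the log.
 */
size_t clamp_only_len(size_t log_size, uint64_t off, size_t buf_len)
{
    return min_sz(log_size - (size_t)off, buf_len);
}

/*
 * Checked copy of a log page region into a guest-visible buffer.
 * off and buf_len are guest-controlled; log/log_size are host-side.
 */
int log_page_read(const uint8_t *log, size_t log_size, uint64_t off,
                  uint8_t *dst, size_t buf_len, size_t *copied)
{
    *copied = 0;
    /* Validate the offset before deriving any pointer from it. */
    if (off >= log_size) {
        return LOG_INVALID_FIELD;
    }
    /* off < log_size here, so the subtraction cannot wrap. */
    *copied = min_sz(log_size - (size_t)off, buf_len);
    memcpy(dst, log + off, *copied);
    return LOG_OK;
}

int main(void)
{
    uint8_t log[64], out[32];   /* constructed sample buffers */
    size_t n;
    memset(log, 0xAB, sizeof(log));
    /* In-range offset near the end: short copy of the 4 remaining bytes. */
    int ok = log_page_read(log, sizeof(log), 60, out, sizeof(out), &n);
    /* Out-of-range offset: rejected, nothing copied. */
    int bad = log_page_read(log, sizeof(log), 4096, out, sizeof(out), &n);
    return (ok == LOG_OK && bad == LOG_INVALID_FIELD && n == 0) ? 0 : 1;
}
```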



Marked as found in versions qemu/1:8.0+dfsg-1. Request was from Michael Tokarev <mjt@tls.msk.ru> to control@bugs.debian.org. (Mon, 21 Aug 2023 06:36:03 GMT).


Marked as found in versions qemu/1:8.0~rc2+dfsg-1. Request was from Michael Tokarev <mjt@tls.msk.ru> to control@bugs.debian.org. (Mon, 21 Aug 2023 06:36:03 GMT).


Reply sent to Michael Tokarev <mjt@tls.msk.ru>:
You have taken responsibility. (Mon, 21 Aug 2023 07:30:07 GMT).


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Mon, 21 Aug 2023 07:30:07 GMT).


Message #14 received at 1050142-close@bugs.debian.org:

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: 1050142-close@bugs.debian.org
Subject: Bug#1050142: fixed in qemu 1:8.0.4+dfsg-2
Date: Mon, 21 Aug 2023 07:27:58 +0000
Source: qemu
Source-Version: 1:8.0.4+dfsg-2
Done: Michael Tokarev <mjt@tls.msk.ru>

We believe that the bug you reported is fixed in the latest version of
qemu, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1050142@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Tokarev <mjt@tls.msk.ru> (supplier of updated qemu package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Mon, 21 Aug 2023 09:57:59 +0300
Source: qemu
Architecture: source
Version: 1:8.0.4+dfsg-2
Distribution: unstable
Urgency: medium
Maintainer: Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>
Changed-By: Michael Tokarev <mjt@tls.msk.ru>
Closes: 1049925 1050140 1050142
Changes:
 qemu (1:8.0.4+dfsg-2) unstable; urgency=medium
 .
   * remove linux-user-show-heap-address-in-proc-pid-maps.patch
   * pick 2 nvme fixes from upstream:
    - hw-nvme-fix-oob-memory-read-in-fdp-events-log-CVE-2023-4135.patch
      Closes: #1050142, CVE-2023-4135
    - hw-nvme-fix-null-pointer-access-in-directive-receive-CVE-2023-40360.patch
      Closes: #1050140, CVE-2023-40360
   * d/rules: --enable-virtfs (--enable-attr --enable-cap-ng) for xen build
     to enable 9pfs (Closes: #1049925)
   * d/rules: run-qemu.mount is linux-specific too
     (if we ever do non-linux system build)
   * d/control: disable sndio on debian too (disabled on ubuntu), for now anyway
   * d/*.install, d/rules: explicitly list all qemu-system modules
   * d/control: build-depend on libglib2.0-dev (forgotten!) and zlib1g-dev,
     move the two to the top before all optional deps
   * d/changelog: fix 7.1+dfsg-1 changelog entry (qemu-user and qemu-system)





Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Mon Aug 21 17:50:32 2023; Machine Name: buxtehude
