A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req. There is no check for the value of `src_len` and `dst_len` in virtio_crypto_sym_op_helper, potentially leading to a heap buffer overflow when the two values differ.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
qemu qemu |
||
qemu qemu 8.1.0 |
||
fedoraproject fedora 38 |
||
debian debian linux 10.0 |