Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2023-4135

Published: 04/08/2023 Updated: 11/12/2023
CVSS v3 Base Score: 6.5 | Impact Score: 4 | Exploitability Score: 2
VMScore: 0
Subscribe to Qemu

Vulnerability Summary

This vulnerability allows local malicious users to disclose sensitive information on affected installations of QEMU. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the NVMe virtual device. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the hypervisor.

Vulnerable Product Search on Vulmon Subscribe to Product

qemu qemu 8.1.0

qemu qemu

fedoraproject fedora 38

Vendor Advisories

Debian CVElist Bug Report Logs: qemu: CVE-2023-40360
Debian Bug report logs - #1050140 qemu: CVE-2023-40360 Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 20 Aug 2023 19:21:04 UTC Severity: important Tags: security, upstream Found in versions qemu ...
Debian CVElist Bug Report Logs: qemu: CVE-2023-4135
Debian Bug report logs - #1050142 qemu: CVE-2023-4135 Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 20 Aug 2023 19:27:02 UTC Severity: important Tags: security, upstream Found in versions qemu/ ...
Red Hat:
Description<!---->A heap out-of-bounds memory read flaw was found in the virtual nvme device in QEMU The QEMU process does not validate an offset provided by the guest before computing a host heap pointer, which is used for copying data back to the guest Arbitrary heap memory relative to an allocated buffer can be disclosedA heap out-of-bounds m ...

References

CWE-125https://access.redhat.com/security/cve/CVE-2023-4135https://bugzilla.redhat.com/show_bug.cgi?id=2229101https://www.zerodayinitiative.com/advisories/ZDI-CAN-21521https://security.netapp.com/advisory/ntap-20230915-0012/https://nvd.nist.govhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1050140https://www.zerodayinitiative.com/advisories/ZDI-23-1810/
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
race conditionCVE-2024-4249CVE-2024-4244CVE-2023-20198TCPCVE-2022-48648CVE-2022-48636CVE-2024-21345SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook