Unrated severity · NVD Advisory · Published Aug 4, 2023 · Updated Aug 2, 2024
Out-of-bounds read information disclosure vulnerability
CVE-2023-4135
Description
A heap out-of-bounds memory read flaw was found in the virtual nvme device in QEMU. The QEMU process does not validate an offset provided by the guest before computing a host heap pointer, which is used for copying data back to the guest. Arbitrary heap memory relative to an allocated buffer can be disclosed.
Affected products
- Red Hat/Red Hat Enterprise Linux 8 Advanced Virtualization · v5 · cpe:/a:redhat:advanced_virtualization:8::el8
- cpe:/o:redhat:enterprise_linux:6
- cpe:/o:redhat:enterprise_linux:7
- cpe:/o:redhat:enterprise_linux:8
- cpe:/o:redhat:enterprise_linux:9
- Fedora/Extra Packages for Enterprise Linux · v5
- Fedora/Fedora · v5
References
- access.redhat.com/security/cve/CVE-2023-4135 (mitre, vdb-entry, x_refsource_REDHAT)
- bugzilla.redhat.com/show_bug.cgi (mitre, issue-tracking, x_refsource_REDHAT)
- security.netapp.com/advisory/ntap-20230915-0012/ (mitre)
- www.zerodayinitiative.com/advisories/ZDI-CAN-21521 (mitre)