VYPR
Unrated severity · NVD Advisory · Published Aug 4, 2023 · Updated Aug 2, 2024

Out-of-bounds read information disclosure vulnerability

CVE-2023-4135

Description

A heap out-of-bounds memory read flaw was found in the virtual nvme device in QEMU. The QEMU process does not validate an offset provided by the guest before computing a host heap pointer, which is used for copying data back to the guest. Arbitrary heap memory relative to an allocated buffer can be disclosed.

Affected products

9
  • Red Hat/Red Hat Enterprise Linux 8 Advanced Virtualization (v5)
    cpe:/a:redhat:advanced_virtualization:8::el8
  • Red Hat/Enterprise Linux Server (cpe-rescue, 4 versions)
    • cpe:/o:redhat:enterprise_linux:6
    • cpe:/o:redhat:enterprise_linux:7
    • cpe:/o:redhat:enterprise_linux:8
    • cpe:/o:redhat:enterprise_linux:9
  • Xen/Qemu (llm-fuzzy)
  • QEMU/Qemu (llm-fuzzy)
  • Fedora/Extra Packages for Enterprise Linux (v5)
  • Fedora/Fedora (v5)
