Security Advisory

CVE-2023-4135

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-08-04 13:19:15

Last updated 2024-08-02 07:17:11

Assigner redhat

State PUBLISHED

Description

A heap out-of-bounds memory read flaw was found in the virtual nvme device in QEMU. The QEMU process does not validate an offset provided by the guest before computing a host heap pointer, which is used for copying data back to the guest. Arbitrary heap memory relative to an allocated buffer can be disclosed.

← Browse all CVEs View on cve.org ↗