CVE-2023-1544
Summary
| CVE | CVE-2023-1544 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2023-03-23 20:15:00 UTC |
|---|
| Updated | 2023-05-11 15:15:00 UTC |
|---|
| Description | A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to allocate and initialize a huge number of page tables to be used as a ring of descriptors for CQ and async events, potentially leading to an out-of-bounds read and crash of QEMU. |
|---|
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|
| Operating System |
Fedoraproject |
Fedora |
37 |
All |
All |
All |
| Application |
Qemu |
Qemu |
All |
All |
All |
All |
References
| Reference | Source | Link | Tags |
|---|
| [PATCH v1] hw/pvrdma: Protect against buggy or malicious guest driver |
MISC |
lists.nongnu.org |
|
| 2180364 – (CVE-2023-1544) CVE-2023-1544 QEMU: pvrdma: out-of-bounds read in pvrdma_ring_next_elem_read() |
MISC |
bugzilla.redhat.com |
|
| CVE-2023-1544 QEMU Vulnerability in NetApp Products | NetApp Product Security |
CONFIRM |
security.netapp.com |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 160635 Oracle Enterprise Linux Security Update for qemu-kvm (ELSA-2023-12328)
- 160713 Oracle Enterprise Linux Security Update for virt:kvm_utils2 (ELSA-2023-12358)
- 756072 SUSE Enterprise Linux Security Update for qemu (SUSE-SU-2024:1103-1)
