CVE-2023-1544

2023-03-2320:15:14

Debian Security Bug Tracker

security-tracker.debian.org

qemu

vmware

paravirtual

rdma

page tables

ring descriptors

out-of-bounds read

crash

6.3 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

20.6%

JSON

A flaw was found in the QEMU implementation of VMWare’s paravirtual RDMA device. This flaw allows a crafted guest driver to allocate and initialize a huge number of page tables to be used as a ring of descriptors for CQ and async events, potentially leading to an out-of-bounds read and crash of QEMU.

OSVersionArchitecturePackageVersionFilename
Debian12allqemu<= 1:7.2+dfsg-7+deb12u6qemu_1:7.2+dfsg-7+deb12u6_all.deb
Debian11allqemu<= 1:5.2+dfsg-11+deb11u3qemu_1:5.2+dfsg-11+deb11u3_all.deb
Debian999allqemu< 1:8.2.0+ds-1qemu_1:8.2.0+ds-1_all.deb
Debian13allqemu< 1:8.2.0+ds-1qemu_1:8.2.0+ds-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	qemu	<= 1:7.2+dfsg-7+deb12u6	qemu_1:7.2+dfsg-7+deb12u6_all.deb
Debian	11	all	qemu	<= 1:5.2+dfsg-11+deb11u3	qemu_1:5.2+dfsg-11+deb11u3_all.deb
Debian	999	all	qemu	< 1:8.2.0+ds-1	qemu_1:8.2.0+ds-1_all.deb
Debian	13	all	qemu	< 1:8.2.0+ds-1	qemu_1:8.2.0+ds-1_all.deb