CVE-2023-1544

Name
CVE-2023-1544
Description
A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to allocate and initialize a huge number of page tables to be used as a ring of descriptors for CQ and async events, potentially leading to an out-of-bounds read and crash of QEMU.
NVD Severity
unknown
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://lists.nongnu.org/archive/html/qemu-devel/2023-03/msg00206.html
MISC https://bugzilla.redhat.com/show_bug.cgi?id=2180364
CONFIRM https://security.netapp.com/advisory/ntap-20230511-0005/
vdb-entry https://access.redhat.com/security/cve/CVE-2023-1544

Match rules

CPE URI Source package Min version Max version
shopxo >= 8.2.0-rc0 < *

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
qemu 3.17-community 7.1.0-r7 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable