6.3
CVE-2023-1544
- EPSS 0.31%
- Veröffentlicht 23.03.2023 20:15:14
- Zuletzt bearbeitet 03.11.2025 20:15:59
- Quelle patrick@puiterwijk.org
- CVE-Watchlists
- Unerledigt
Qemu: pvrdma: out-of-bounds read in pvrdma_ring_next_elem_read()
A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to allocate and initialize a huge number of page tables to be used as a ring of descriptors for CQ and async events, potentially leading to an out-of-bounds read and crash of QEMU.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Fedoraproject ≫ Fedora Version37
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.31% | 0.223 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.3 | 1.8 | 4 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H
|
| patrick@puiterwijk.org | 6 | 1.5 | 4 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
|
CWE-125 Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.
CWE-770 Allocation of Resources Without Limits or Throttling
The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.
https://access.redhat.com/security/cve/CVE-2023-1544
https://bugzilla.redhat.com/show_bug.cgi?id=2180364
https://lists.nongnu.org/archive/html/qemu-devel/2023-03/msg00206.html
https://security.netapp.com/advisory/ntap-20230511-0005/
https://lists.debian.org/debian-lts-announce/2025/04/msg00042.html