Heap Out-of-Bounds Memory Read Vulnerability in QEMU's Virtual NVMe Device

Heap Out-of-Bounds Memory Read Vulnerability in QEMU's Virtual NVMe Device

CVE-2023-4135 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

A heap out-of-bounds memory read flaw was found in the virtual nvme device in QEMU. The QEMU process does not validate an offset provided by the guest before computing a host heap pointer, which is used for copying data back to the guest. Arbitrary heap memory relative to an allocated buffer can be disclosed.

Learn more about our Web Application Penetration Testing UK.