Vulnerability CVE-2023-1544: Information

Description

A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to allocate and initialize a huge number of page tables to be used as a ring of descriptors for CQ and async events, potentially leading to an out-of-bounds read and crash of QEMU.

Severity: MEDIUM (6.3) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2023-1544
Published: March 23, 2023
Modified: April 19, 2024
Error type identifier: CWE-770

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
qemusisyphus8.0.0-alt18.2.3-alt1ALT-PU-2023-1685-1319375Fixed
qemusisyphus_riscv648.0.0-alt0.3.rv648.0.3-alt0.1.rv64ALT-PU-2023-3777-1-Fixed
qemusisyphus_loongarch648.1.3-alt0.port8.2.3-alt1ALT-PU-2023-8102-1-Fixed
qemup108.0.0-alt1.p108.2.2-alt0.p10.1ALT-PU-2023-1830-1320227Fixed
qemuc10f18.0.0-alt1.p108.2.2-alt0.p10.1ALT-PU-2023-1869-1321192Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://lists.nongnu.org/archive/html/qemu-devel/2023-03/msg00206.html
  • Mailing List
  • Patch
  • Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2180364
  • Issue Tracking
  • Mailing List
  • Patch
  • Vendor Advisory
https://security.netapp.com/advisory/ntap-20230511-0005/
    https://access.redhat.com/security/cve/CVE-2023-1544

        1. Configuration 1

          cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*
          End including
          7.2.0

          Configuration 2

          cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
      VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
      Version: v24.5.1
      Back to top