CVE-2023-4135

{"id": "CVE-2023-4135", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 4.0, "exploitabilityScore": 2.0}, {"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.0, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 4.0, "exploitabilityScore": 1.5}]}, "published": "2023-08-04T14:15:12.173", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2023-4135", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2229101", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://security.netapp.com/advisory/ntap-20230915-0012/", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-21521", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "source": "secalert@redhat.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-125"}]}, {"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-125"}]}], "descriptions": [{"lang": "en", "value": "A heap out-of-bounds memory read flaw was found in the virtual nvme device in QEMU. The QEMU process does not validate an offset provided by the guest before computing a host heap pointer, which is used for copying data back to the guest. Arbitrary heap memory relative to an allocated buffer can be disclosed."}, {"lang": "es", "value": "Se encontr\u00f3 una falla de lectura de memoria fuera de los l\u00edmites en el dispositivo nvme virtual en QEMU. El proceso QEMU no valida un desplazamiento proporcionado por el invitado antes de calcular un puntero de la memoria del host, que se utiliza para copiar datos al invitado. Se puede revelar memoria arbitraria en relaci\u00f3n con un b\u00fafer asignado."}], "lastModified": "2023-12-11T18:35:03.667", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "423C1B29-97E6-4574-84B0-1F68F1A65DAF", "versionEndExcluding": "8.1.0", "versionStartIncluding": "8.0.0"}, {"criteria": "cpe:2.3:a:qemu:qemu:8.1.0:rc0:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2F730D08-43CC-4FFC-9C37-42C1D69518E1"}, {"criteria": "cpe:2.3:a:qemu:qemu:8.1.0:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D61909EC-7FFA-4600-86F9-E9AA303D2A63"}, {"criteria": "cpe:2.3:a:qemu:qemu:8.1.0:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8414D556-72A7-4082-AB77-5ADE46A31179"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}