Out-of-bounds read in Vm-memory - CVE-2023-41051
Published: October 4, 2023
Vulnerability identifier: #VU81462
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2023-41051
CWE-ID: CWE-125
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Vm-memory
Vm-memory
Software vendor:
Vm-memory Project
Vm-memory Project
Description
The vulnerability allows a remote user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in multiple functions in VolatileMemory class. A remote user can trigger an out-of-bounds read error and read contents of memory on the system or perform a denial of service attack.
Remediation
Install updates from vendor's website.
External links
- https://github.com/rust-vmm/vm-memory/commit/aff1dd4a5259f7deba56692840f7a2d9ca34c9c8
- https://github.com/rust-vmm/vm-memory/security/advisories/GHSA-49hh-fprx-m68g
- https://crates.io/crates/vm-memory/0.12.2
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XZGJL6BQLU4XCPQLLTW4GSSBTNQXB3TI/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPXRXD5VXBZHBGMUM77B52CJJMG7EJGI/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SYM6CYW2DWRHRAVL2HYTQPXC3J2V77J4/