ByteOS Network

Vulnerability Details :

CVE-2023-1544

Assigner-fedora

Assigner Org ID-92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5

Published At-23 Mar, 2023 | 00:00

Updated At-03 Nov, 2025 | 19:27

Qemu: pvrdma: out-of-bounds read in pvrdma_ring_next_elem_read()

A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to allocate and initialize a huge number of page tables to be used as a ring of descriptors for CQ and async events, potentially leading to an out-of-bounds read and crash of QEMU.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:fedora

Assigner Org ID:92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5

Published At:23 Mar, 2023 | 00:00

Updated At:03 Nov, 2025 | 19:27

▼CVE Numbering Authority (CNA)

Qemu: pvrdma: out-of-bounds read in pvrdma_ring_next_elem_read()

Affected Products

Collection URL

https://gitlab.com/qemu-project/qemu

Package Name

qemu

Default Status

affected

Versions

Unaffected

From 8.2.0-rc0 before * (semver)

Problem Types

Type	CWE ID	Description
CWE	CWE-125	Out-of-bounds Read

Type: CWE

CWE ID: CWE-125

Description: Out-of-bounds Read

Metrics

Version	Base score	Base severity	Vector
3.1	6.0	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

Version: 3.1

Base score: 6.0

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

Metrics Other Info

Red Hat severity rating

value:

Low

namespace:

https://access.redhat.com/security/updates/classification/

Credits

Red Hat would like to thank SorryMybad (Kunlun Lab) for reporting this issue.

Timeline

Event	Date
Reported to Red Hat.	2023-02-27 00:00:00
Made public.	2023-02-27 00:00:00

Event: Reported to Red Hat.

Date: 2023-02-27 00:00:00

Event: Made public.

Date: 2023-02-27 00:00:00

References

Hyperlink	Resource
https://access.redhat.com/security/cve/CVE-2023-1544	vdb-entry x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2180364	N/A
https://lists.nongnu.org/archive/html/qemu-devel/2023-03/msg00206.html	N/A
https://security.netapp.com/advisory/ntap-20230511-0005/	N/A

Hyperlink: https://access.redhat.com/security/cve/CVE-2023-1544

Resource:

vdb-entry

x_refsource_REDHAT

Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2180364

Resource: N/A

Hyperlink: https://lists.nongnu.org/archive/html/qemu-devel/2023-03/msg00206.html

Resource: N/A

Hyperlink: https://security.netapp.com/advisory/ntap-20230511-0005/

Resource: N/A

▼Authorized Data Publishers (ADP)

1. CISA ADP Vulnrichment

Affected Products

Vendor

QEMU

Product

rdma

CPEs

cpe:2.3:a:qemu:rdma:*:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 before 8.2.0 (custom)

Metrics Other Info

2. CVE Program Container

References

Hyperlink	Resource
https://access.redhat.com/security/cve/CVE-2023-1544	vdb-entry x_refsource_REDHAT x_transferred
https://bugzilla.redhat.com/show_bug.cgi?id=2180364	x_transferred
https://lists.nongnu.org/archive/html/qemu-devel/2023-03/msg00206.html	x_transferred
https://security.netapp.com/advisory/ntap-20230511-0005/	x_transferred
https://lists.debian.org/debian-lts-announce/2025/04/msg00042.html	N/A

Hyperlink: https://access.redhat.com/security/cve/CVE-2023-1544

Resource:

vdb-entry

x_refsource_REDHAT

x_transferred

Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2180364

Resource:

x_transferred

Hyperlink: https://lists.nongnu.org/archive/html/qemu-devel/2023-03/msg00206.html

Resource:

x_transferred

Hyperlink: https://security.netapp.com/advisory/ntap-20230511-0005/

Resource:

x_transferred

Hyperlink: https://lists.debian.org/debian-lts-announce/2025/04/msg00042.html

Resource: N/A

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:patrick@puiterwijk.org

Published At:23 Mar, 2023 | 20:15

Updated At:03 Nov, 2025 | 20:15

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	6.0	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
Primary	3.1	6.3	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H

Type: Secondary

Version: 3.1

Base score: 6.0

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

Type: Primary

Version: 3.1

Base score: 6.3

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H

CPE Matches

QEMU

>>qemu>>Versions up to 7.2.0(inclusive)

cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*

Fedora Project

>>fedora>>37

cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-125	Secondary	patrick@puiterwijk.org
CWE-770	Primary	nvd@nist.gov

CWE ID: CWE-125

Type: Secondary

Source: patrick@puiterwijk.org

CWE ID: CWE-770

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
https://access.redhat.com/security/cve/CVE-2023-1544	patrick@puiterwijk.org	N/A
https://bugzilla.redhat.com/show_bug.cgi?id=2180364	patrick@puiterwijk.org	Issue Tracking Mailing List Patch Vendor Advisory
https://lists.nongnu.org/archive/html/qemu-devel/2023-03/msg00206.html	patrick@puiterwijk.org	Mailing List Patch Third Party Advisory
https://security.netapp.com/advisory/ntap-20230511-0005/	patrick@puiterwijk.org	N/A
https://access.redhat.com/security/cve/CVE-2023-1544	af854a3a-2127-422b-91ae-364da2661108	N/A
https://bugzilla.redhat.com/show_bug.cgi?id=2180364	af854a3a-2127-422b-91ae-364da2661108	Issue Tracking Mailing List Patch Vendor Advisory
https://lists.debian.org/debian-lts-announce/2025/04/msg00042.html	af854a3a-2127-422b-91ae-364da2661108	N/A
https://lists.nongnu.org/archive/html/qemu-devel/2023-03/msg00206.html	af854a3a-2127-422b-91ae-364da2661108	Mailing List Patch Third Party Advisory
https://security.netapp.com/advisory/ntap-20230511-0005/	af854a3a-2127-422b-91ae-364da2661108	N/A

Hyperlink: https://access.redhat.com/security/cve/CVE-2023-1544

Source: patrick@puiterwijk.org

Resource: N/A

Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2180364

Source: patrick@puiterwijk.org

Resource:

Issue Tracking

Mailing List

Patch

Vendor Advisory

Hyperlink: https://lists.nongnu.org/archive/html/qemu-devel/2023-03/msg00206.html

Source: patrick@puiterwijk.org

Resource:

Mailing List

Patch

Third Party Advisory

Hyperlink: https://security.netapp.com/advisory/ntap-20230511-0005/

Source: patrick@puiterwijk.org

Resource: N/A

Hyperlink: https://access.redhat.com/security/cve/CVE-2023-1544

Source: af854a3a-2127-422b-91ae-364da2661108

Resource: N/A

Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2180364

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Issue Tracking

Mailing List

Patch

Vendor Advisory

Hyperlink: https://lists.debian.org/debian-lts-announce/2025/04/msg00042.html

Source: af854a3a-2127-422b-91ae-364da2661108

Resource: N/A

Hyperlink: https://lists.nongnu.org/archive/html/qemu-devel/2023-03/msg00206.html

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Mailing List

Patch

Third Party Advisory

Hyperlink: https://security.netapp.com/advisory/ntap-20230511-0005/

Source: af854a3a-2127-422b-91ae-364da2661108

Resource: N/A

Similar CVEs

503Records found

CVE-2024-5159

Matching Score-6

Assigner-Chrome

View Details

Matching Score-6

Assigner-Chrome

CVSS Score-8.8||HIGH

EPSS-0.26% / 48.56%

7 Day CHG~0.00%

Published-22 May, 2024 | 15:11

Updated-13 Feb, 2025 | 17:53

Heap buffer overflow in ANGLE in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)

Vendor-Fedora Project Google LLC

Product-chrome fedora Chrome chrome

CWE ID-CWE-125

Out-of-bounds Read

CVE-2019-19204

Matching Score-6

Assigner-MITRE Corporation

View Details

Matching Score-6

Assigner-MITRE Corporation

CVSS Score-7.5||HIGH

EPSS-8.95% / 92.43%

7 Day CHG~0.00%

Published-21 Nov, 2019 | 20:06

Updated-05 Aug, 2024 | 02:09

An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function fetch_interval_quantifier (formerly known as fetch_range_quantifier) in regparse.c, PFETCH is called without checking PEND. This leads to a heap-based buffer over-read.

Vendor-oniguruma_project n/a Debian GNU/Linux Fedora Project

Product-oniguruma debian_linux fedora n/a

CWE ID-CWE-125

Out-of-bounds Read

CVE-2022-30339

Matching Score-4

Assigner-Intel Corporation

View Details

Matching Score-4

Assigner-Intel Corporation

CVSS Score-6||MEDIUM

EPSS-0.06% / 17.12%

7 Day CHG-0.04%

Published-16 Feb, 2023 | 20:00

Updated-27 Jan, 2025 | 18:20

Out-of-bounds read in firmware for the Intel(R) Integrated Sensor Solution before versions 5.4.2.4579v3, 5.4.1.4479 and 5.0.0.4143 may allow a privileged user to potentially enable denial of service via local access.

Vendor-n/a Intel Corporation

Product-integrated_sensor_solution Intel(R) Integrated Sensor Solution

CWE ID-CWE-125

Out-of-bounds Read

CVE-2023-1544

Credits

Qemu: pvrdma: out-of-bounds read in pvrdma_ring_next_elem_read()

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Unaffected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Affected

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs