6.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
0.0004 Low
EPSS
Percentile
15.9%
A heap out-of-bounds memory read flaw was found in the virtual nvme device in QEMU. The QEMU process does not validate an offset provided by the guest before computing a host heap pointer, which is used for copying data back to the guest. Arbitrary heap memory relative to an allocated buffer can be disclosed.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Alpine | 3.18-community | noarch | qemu | = 8.0.5-r0 | UNKNOWN |
Alpine | 3.19-community | noarch | qemu | = 8.1.5-r0 | UNKNOWN |
Alpine | edge-community | noarch | qemu | = 9.0.1-r0 | UNKNOWN |
Alpine | 3.20-community | noarch | qemu | = 9.0.1-r0 | UNKNOWN |