A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req. The values of src_len and dst_len are not checked in virtio_crypto_sym_op_helper, potentially leading to a heap buffer overflow when the two values differ.
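The missing validation, sketched as an added example (a simplified model, not QEMU's code or its actual fix): every `model_*` name, the length cap, and the XOR stand-in cipher are assumptions; only the `src_len`/`dst_len` field names come from the advisory.

```c
#include <stdint.h>
#include <stdlib.h>

#define MODEL_MAX_LEN (1u << 20)   /* assumed per-request cap, not QEMU's value */

/* Simplified model of a symmetric-cipher request (hypothetical struct). */
struct model_sym_req {
    uint32_t src_len;       /* guest-supplied input length */
    uint32_t dst_len;       /* guest-supplied output length */
    const uint8_t *src;     /* input data, src_len bytes */
};

/* Stand-in cipher: emits exactly src_len output bytes, so dst must
 * hold at least src_len bytes. */
static void model_cipher(uint8_t *dst, const uint8_t *src, uint32_t src_len)
{
    for (uint32_t i = 0; i < src_len; i++)
        dst[i] = src[i] ^ 0x5a;
}

/* Returns 0 and a malloc'd result in *out, or -1 if the request is rejected. */
int model_handle_sym_req(const struct model_sym_req *req, uint8_t **out)
{
    *out = NULL;

    /* Bound both guest-controlled lengths before using either of them. */
    if (req->src_len == 0 || req->src_len > MODEL_MAX_LEN ||
        req->dst_len > MODEL_MAX_LEN)
        return -1;

    /* The check the advisory describes as missing. In this model, without
     * it dst is sized by dst_len but written with src_len bytes. */
    if (req->src_len != req->dst_len)
        return -1;

    uint8_t *dst = malloc(req->dst_len);
    if (dst == NULL)
        return -1;

    model_cipher(dst, req->src, req->src_len);
    *out = dst;
    return 0;
}
```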
CPE Name | Operator | Version |
---|---|---|
debian_linux | eq | 10.0 |
fedora | eq | 38 |