3 matches found
Fedora 39 : firecracker / libkrun / rust-event-manager / rust-kvm-bindings / etc (2024-04877592b7)
The remote Fedora 39 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-04877592b7 advisory. Update rust-vmm components and their consumers to address CVE-2023-50711 Tenable has extracted the preceding description block directly from the Fedora...
SUSE CVE-2023-50711
vmm-sys-util is a collection of modules that provides helpers and utilities used by multiple rust-vmm components. Starting in version 0.5.0 and prior to version 0.12.0, an issue in the FamStructWrapper::deserialize implementation provided by the crate for vmmsysutil::fam::FamStructWrapper can lea...
GHSA-875G-MFP6-G7F9 `serde` deserialization for `FamStructWrapper` lacks bound checks that could potentially lead to out-of-bounds memory access
Impact An issue was discovered in the FamStructWrapper::deserialize implementation provided by the crate for vmmsysutil::fam::FamStructWrapper, which can lead to out of bounds memory accesses. The deserialization does not check that the length stored in the header matches the flexible array lengt...