QwikSec

Security Database

CVE

CWE

Training

CVE-2023-1544

Published: Mar 23, 2023

Modified: Nov 3, 2025

PUBLISHED

CVSS v3.1

6.0

MEDIUM

Description

A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to allocate and initialize a huge number of page tables to be used as a ring of descriptors for CQ and async events, potentially leading to an out-of-bounds read and crash of QEMU.

Vendor	Product	Versions
Unknown	qemu	unaffected `8.2.0-rc0 - < *`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Changed

Confidentiality

None

Integrity

None

Availability

High

References

https://access.redhat.com/security/cve/CVE-2023-1544

vdb-entry

x_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2180364

https://lists.nongnu.org/archive/html/qemu-devel/2023-03/msg00206.html

https://security.netapp.com/advisory/ntap-20230511-0005/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.