CVE-2023-1601
Public on 2023-05-18
Modified on 2023-05-18
Description
This CVE exists because of an incomplete fix for CVE-2021-4206. The cursor_alloc() function still accepts a signed integer for both the cursor width and height. A specially crafted negative value could make datasize wrap around and cause the next allocation to be 0, potentially leading to a heap buffer overflow. A malicious privileged guest user could use this flaw to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process.
Severity
Important
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 1 | qemu-kvm | Not Affected | ||
| Amazon Linux 2 - Core | qemu-kvm | Not Affected |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 7.5 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H |