Vulnerability Details : CVE-2023-41051
In a typical Virtual Machine Monitor (VMM) there are several components, such as the boot loader, virtual device drivers, virtio backend drivers and vhost drivers, that need to access the VM physical memory. The vm-memory Rust crate provides a set of traits to decouple VM memory consumers from VM memory providers. An issue was discovered in the default implementations of the `VolatileMemory::{get_atomic_ref, aligned_as_ref, aligned_as_mut, get_ref, get_array_ref}` trait functions, which allows out-of-bounds memory access if the `VolatileMemory::get_slice` function returns a `VolatileSlice` whose length is less than the function’s `count` argument. No implementations of `get_slice` provided in `vm_memory` are affected. Users of custom `VolatileMemory` implementations may be impacted if the custom implementation does not adhere to `get_slice`'s documentation. The issue was introduced in version 0.1.0 and was fixed in version 0.12.2 by inserting a check that verifies that the `VolatileSlice` returned by `get_slice` is of the correct length. Users are advised to upgrade. There are no known workarounds for this issue.
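The pattern described above, as an added example that is not code from the vm-memory crate: a default trait method that validates the length of what `get_slice` returns before using it. The `Volatile` trait, `read_u32`, the `Exact` and `Truncating` providers and the `Error` type are hypothetical stand-ins, modelled in safe Rust with plain byte slices.

```rust
// Simplified model of the pattern in the description; not the vm-memory crate's code.
#[derive(Debug, PartialEq)]
enum Error {
    OutOfBounds,
    ShortSlice { expected: usize, got: usize },
}

trait Volatile {
    /// Contract: on success the returned slice is exactly `count` bytes long.
    fn get_slice(&self, offset: usize, count: usize) -> Result<&[u8], Error>;

    /// Default method: validates the provider's answer before using it.
    fn read_u32(&self, offset: usize) -> Result<u32, Error> {
        let want = std::mem::size_of::<u32>();
        let s = self.get_slice(offset, want)?;
        // Without this check, code that goes on to access `want` bytes
        // through a raw pointer would run past the end of a short slice.
        if s.len() != want {
            return Err(Error::ShortSlice { expected: want, got: s.len() });
        }
        Ok(u32::from_le_bytes([s[0], s[1], s[2], s[3]]))
    }
}

/// Provider that honours the contract: exact length or an error.
struct Exact(Vec<u8>);
impl Volatile for Exact {
    fn get_slice(&self, offset: usize, count: usize) -> Result<&[u8], Error> {
        let end = offset.checked_add(count).ok_or(Error::OutOfBounds)?;
        self.0.get(offset..end).ok_or(Error::OutOfBounds)
    }
}

/// Hypothetical custom provider that breaks the contract by truncating.
struct Truncating(Vec<u8>);
impl Volatile for Truncating {
    fn get_slice(&self, offset: usize, count: usize) -> Result<&[u8], Error> {
        let start = offset.min(self.0.len());
        let end = offset.saturating_add(count).min(self.0.len());
        Ok(&self.0[start..end])
    }
}

fn main() {
    let bytes = vec![1, 0, 0, 0, 9]; // constructed sample memory
    println!("{:?}", Exact(bytes.clone()).read_u32(0));
    println!("{:?}", Exact(bytes.clone()).read_u32(2));
    println!("{:?}", Truncating(bytes).read_u32(2));
}
```

When auditing a custom `VolatileMemory` implementation, the property to test is the one `Exact` enforces: `get_slice` either returns exactly `count` bytes or fails.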
Products affected by CVE-2023-41051
- cpe:2.3:a:vm-memory_project:vm-memory:*:*:*:*:*:rust:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-41051
- EPSS score: 0.06% (probability of exploitation activity in the next 30 days)
- Percentile: ~29% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2023-41051
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.7 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.0 | 3.6 | NIST | |
2.5 | LOW | CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L | 1.0 | 1.4 | GitHub, Inc. | |
CWE ids for CVE-2023-41051
- The product reads data past the end, or before the beginning, of the intended buffer. Assigned by:
  - nvd@nist.gov (Secondary)
  - security-advisories@github.com (Primary)
References for CVE-2023-41051
- https://crates.io/crates/vm-memory/0.12.2
  vm-memory - crates.io: Rust Package Registry (Product)
- https://github.com/rust-vmm/vm-memory/commit/aff1dd4a5259f7deba56692840f7a2d9ca34c9c8
  fix: Validate return value of get_slice in VolatileMemory · rust-vmm/vm-memory@aff1dd4 · GitHub (Patch)
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SYM6CYW2DWRHRAVL2HYTQPXC3J2V77J4/
  [SECURITY] Fedora 38 Update: libkrun-1.5.0-6.fc38 - package-announce - Fedora Mailing-Lists
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPXRXD5VXBZHBGMUM77B52CJJMG7EJGI/
  [SECURITY] Fedora 37 Update: firecracker-1.4.1-2.fc37 - package-announce - Fedora Mailing-Lists
- https://github.com/rust-vmm/vm-memory/security/advisories/GHSA-49hh-fprx-m68g
  Default functions in VolatileMemory trait lack bounds checks, potentially leading to out-of-bounds memory accesses · Advisory · rust-vmm/vm-memory · GitHub (Vendor Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XZGJL6BQLU4XCPQLLTW4GSSBTNQXB3TI/
  [SECURITY] Fedora 39 Update: virtiofsd-1.7.0-4.fc39 - package-announce - Fedora Mailing-Lists