CVE-2023-3180 Information

Description

A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req. There is no check for the value of src_len and dst_len in virtio_crypto_sym_op_helper potentially leading to a heap buffer overflow when the two values differ.

Reference

https://bugzilla.redhat.com/show_bug.cgi?id=2222424 https://access.redhat.com/security/cve/CVE-2023-3180