Guest driver allocates and initialize page tables to be used as a ring of descriptors for CQ and async events. Since the guest controls the number of pages passed to the device, this flaw could lead to an out-of-bounds read and potential crash of QEMU. Upstream patch: https://lists.nongnu.org/archive/html/qemu-devel/2023-03/msg00206.html
Created qemu tracking bugs for this issue: Affects: fedora-all [bug 2180366]
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2023-1544
Upstream commit: https://gitlab.com/qemu-project/qemu/-/commit/85fc35afa93c7320d1641d344d0c5dfbe341d087