A heap buffer overflow was found in virtio_crypto_sym_op_helper() in hw/virtio/virtio-crypto.c. It could occur while handling data encryption/dencryption requests in virtio_crypto_handle_sym_req(). There is no check for the value of the src_len and the dst_len in virtio_crypto_sym_op_helper(), so if src_len is not equal to dst_len, a heap based buff overflow occurs while encrypting/dencrypting the data.
Upstream patch: https://lists.nongnu.org/archive/html/qemu-devel/2023-08/msg00401.html
Created qemu tracking bugs for this issue: Affects: fedora-all [bug 2228748]
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2023-3180
Upstream commit: https://gitlab.com/qemu-project/qemu/-/commit/9d38a8434721a6479fe03fb5afb150ca793d3980