CVE-2023-0330 — Stack-based Buffer Overflow in Qemu

CWE-121 — Stack-based Buffer Overflow CWE-787 — Out-of-bounds Write9 documents8 sources

Severity

6.0MEDIUMNVD

OSV8.8

EPSS

0.0%

top 91.08%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Qemu Debian Qemu Debian Linux +2 more

Timeline

PublishedMar 6

Latest updateFeb 15

Description

A vulnerability in the lsi53c895a device affects the latest version of qemu. A DMA-MMIO reentrancy problem may lead to memory corruption bugs like stack overflow or use-after-free.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:HExploitability: 1.5 | Impact: 4.0

Affected Packages6 packages

▶NVDqemu/qemu7.2.0 — 7.2.3+1

▶debiandebian/qemu< qemu 1:7.2+dfsg-7+deb12u1 (bookworm)

▶Debianqemu/qemu< 1:5.2+dfsg-11+deb11u3+3

▶Ubuntuqemu/qemu< 1:4.2-3ubuntu6.27+4

▶msrcmsrc/cbl2_qemu_6.2.0-22_on_cbl_mariner_2.0

Also affects: Debian Linux 10.0

Patches

Patch: lists.nongnu.org ↗Patch: lists.nongnu.org ↗

🔴Vulnerability Details

OSV

qemu vulnerabilities↗2023-06-19

▶

GHSA

GHSA-fj3c-gq42-693w: A vulnerability in the lsi53c895a device affects the latest version of qemu↗2023-03-07

▶

OSV

CVE-2023-0330: A vulnerability in the lsi53c895a device affects the latest version of qemu↗2023-03-06

▶

📋Vendor Advisories

CISA ICS

Siemens SCALANCE XCM-/XRM-300↗2024-02-15

▶

Ubuntu

QEMU vulnerabilities↗2023-06-19

▶

Microsoft

Qemu: lsi53c895a: dma reentrancy issue leads to stack overflow↗2023-03-14

▶

Red Hat

QEMU: lsi53c895a: DMA reentrancy issue leads to stack overflow↗2023-01-16

▶

Debian

CVE-2023-0330: qemu - A vulnerability in the lsi53c895a device affects the latest version of qemu. A D...↗2023

▶