CVE-2023-42467 — Divide By Zero in Qemu

CWE-369 — Divide By Zero11 documents8 sources

Severity

5.5MEDIUMNVD

OSV3.2

EPSS

0.0%

top 95.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Qemu

Timeline

PublishedSep 11

Latest updateJun 6

Description

QEMU through 8.0.0 could trigger a division by zero in scsi_disk_reset in hw/scsi/scsi-disk.c because scsi_disk_emulate_mode_select does not prevent s->qdev.blocksize from being 256. This stops QEMU and the guest immediately.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶Debianqemu/qemu< 1:7.2+dfsg-7+deb12u3+2

▶Ubuntuqemu/qemu< 1:4.2-3ubuntu6.28+3

▶NVDqemu/qemu8.0.0

🔴Vulnerability Details

OSV

qemu regression↗2024-06-06

▶

OSV

qemu vulnerabilities↗2024-01-08

▶

OSV

CVE-2023-42467: QEMU through 8↗2023-09-11

▶

GHSA

GHSA-q76v-8f8c-4c2j: QEMU through 8↗2023-09-11

▶

CVEList

CVE-2023-42467: QEMU through 8↗2023-09-11

▶

📋Vendor Advisories

Ubuntu

QEMU regression↗2024-06-06

▶

Ubuntu

QEMU vulnerabilities↗2024-01-08

▶

Microsoft

▶

Red Hat

QEMU: am53c974: denial of service due to division by zero↗2023-09-11

▶

Debian

CVE-2023-42467: qemu - QEMU through 8.0.0 could trigger a division by zero in scsi_disk_reset in hw/scs...↗2023

▶