CVE-2023-6693Stack-based Buffer Overflow in Qemu

CWE-121Stack-based Buffer OverflowCWE-787Out-of-bounds Write9 documents8 sources
Severity
5.3MEDIUMNVD
CNA4.9
EPSS
0.0%
top 93.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
QemuFedoraproject FedoraRedhat Enterprise Linux
Timeline
PublishedJan 2
Latest updateAug 13

Description

A stack based buffer overflow was found in the virtio-net device of QEMU. This issue occurs when flushing TX in the virtio_net_flush_tx function if guest features VIRTIO_NET_F_HASH_REPORT, VIRTIO_F_VERSION_1 and VIRTIO_NET_F_MRG_RXBUF are enabled. This could allow a malicious user to overwrite local variables allocated on the stack. Specifically, the `out_sg` variable could be used to read a part of process memory and send it to the wire, causing an information leak.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LExploitability: 1.8 | Impact: 3.4

Affected Packages2 packages

NVDqemu/qemu< 8.2.1
Debianqemu/qemu< 1:5.2+dfsg-11+deb11u4+3

Also affects: Fedora 39, Enterprise Linux 8.0, 9.0

Patches

Patch: bugzilla.redhat.comPatch: bugzilla.redhat.com

🔴Vulnerability Details

4
OSV
qemu vulnerabilities2024-08-13
GHSA
GHSA-835p-c6x8-xh5f: A stack based buffer overflow was found in the virtio-net device of QEMU2024-01-02
CVEList
Qemu: virtio-net: stack buffer overflow in virtio_net_flush_tx()2024-01-02
OSV
CVE-2023-6693: A stack based buffer overflow was found in the virtio-net device of QEMU2024-01-02

📋Vendor Advisories

4
Ubuntu
QEMU vulnerabilities2024-08-13
Microsoft
Qemu: virtio-net: stack buffer overflow in virtio_net_flush_tx()2024-01-09
Red Hat
QEMU: virtio-net: stack buffer overflow in virtio_net_flush_tx()2024-01-02
Debian
CVE-2023-6693: qemu - A stack based buffer overflow was found in the virtio-net device of QEMU. This i...2023
CVE-2023-6693 — Stack-based Buffer Overflow in Qemu | cvebase