CVE-2023-6693
published 2024-01-02CVE-2023-6693: A stack based buffer overflow was found in the virtio-net device of QEMU. This issue occurs when flushing TX in the virtio_net_flush_tx function if guest…
medium5.3CVSS 3.1
AVLACLPRLUINSUCLILAL
A stack based buffer overflow was found in the virtio-net device of QEMU. This issue occurs when flushing TX in the virtio_net_flush_tx function if guest features VIRTIO_NET_F_HASH_REPORT, VIRTIO_F_VERSION_1 and VIRTIO_NET_F_MRG_RXBUF are enabled. This could allow a malicious user to overwrite local variables allocated on the stack. Specifically, the `out_sg` variable could be used to read a part of process memory and send it to the wire, causing an information leak.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | qemu | < qemu 1:7.2+dfsg-7+deb12u4 (bookworm) | qemu 1:7.2+dfsg-7+deb12u4 (bookworm) |
| fedoraproject | fedora | — | — |
| msrc | azl3_qemu_8.2.0-13_on_azure_linux_3.0 | — | — |
| msrc | azl3_qemu_8.2.0-16_on_azure_linux_3.0 | — | — |
| msrc | cbl2_qemu_6.2.0-21_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_qemu_6.2.0-24_on_cbl_mariner_2.0 | — | — |
| qemu | qemu | < 8.2.1 | 8.2.1 |
| qemu | qemu | >= 0 < 1:5.2+dfsg-11+deb11u4 | 1:5.2+dfsg-11+deb11u4 |
| qemu | qemu | >= 0 < 1:7.2+dfsg-7+deb12u4 | 1:7.2+dfsg-7+deb12u4 |
| qemu | qemu | >= 0 < 1:8.2.0+ds-3 | 1:8.2.0+ds-3 |
| qemu | qemu | >= 0 < 1:8.2.0+ds-3 | 1:8.2.0+ds-3 |
| qemu | qemu | >= 0 < 1:6.2+dfsg-2ubuntu6.22 | 1:6.2+dfsg-2ubuntu6.22 |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
CVSS provenance
nvdv3.15.3MEDIUMCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
osv6.5MEDIUM