5.3
CVE-2023-6693
- EPSS 0.33%
- Veröffentlicht 02.01.2024 10:15:08
- Zuletzt bearbeitet 03.11.2025 20:16:07
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Qemu: virtio-net: stack buffer overflow in virtio_net_flush_tx()
A stack based buffer overflow was found in the virtio-net device of QEMU. This issue occurs when flushing TX in the virtio_net_flush_tx function if guest features VIRTIO_NET_F_HASH_REPORT, VIRTIO_F_VERSION_1 and VIRTIO_NET_F_MRG_RXBUF are enabled. This could allow a malicious user to overwrite local variables allocated on the stack. Specifically, the `out_sg` variable could be used to read a part of process memory and send it to the wire, causing an information leak.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Redhat ≫ Enterprise Linux Version8.0 SwEdition-
Redhat ≫ Enterprise Linux Version8.0 SwEditionadvanced_virtualization
Redhat ≫ Enterprise Linux Version9.0
Fedoraproject ≫ Fedora Version39
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.33% | 0.245 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 1.8 | 3.4 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
|
| secalert@redhat.com | 4.9 | 1.4 | 3.4 |
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
|
CWE-121 Stack-based Buffer Overflow
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.
https://access.redhat.com/errata/RHSA-2024:2962
https://access.redhat.com/security/cve/CVE-2023-6693
https://bugzilla.redhat.com/show_bug.cgi?id=2254580
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OYGUN5HVOXESW7MSNM44E4AE2VNXQB6Y/
https://security.netapp.com/advisory/ntap-20240208-0004/
https://access.redhat.com/errata/RHSA-2025:4492
https://lists.debian.org/debian-lts-announce/2025/04/msg00042.html