CVE-2023-6693

A stack based buffer overflow was found in the virtio-net device of QEMU. This issue occurs when flushing TX in the virtio_net_flush_tx function if guest features VIRTIO_NET_F_HASH_REPORT, VIRTIO_F_VERSION_1 and VIRTIO_NET_F_MRG_RXBUF are enabled. This could allow a malicious user to overwrite local variables allocated on the stack. Specifically, the `out_sg` variable could be used to read a part of process memory and send it to the wire, causing an information leak.
Configurations

Configuration 1 (hide)

cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:-:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:advanced_virtualization:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*

History

14 Sep 2024, 00:15

Type Values Removed Values Added
References
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OYGUN5HVOXESW7MSNM44E4AE2VNXQB6Y/', 'tags': ['Mailing List', 'Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'https://security.netapp.com/advisory/ntap-20240208-0004/', 'tags': ['Third Party Advisory'], 'source': 'secalert@redhat.com'}

22 May 2024, 17:16

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:2962 -

08 Mar 2024, 17:57

Type Values Removed Values Added
CPE cpe:2.3:a:qemu:qemu:-:*:*:*:*:*:*:* cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
First Time Fedoraproject
Fedoraproject fedora
References () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OYGUN5HVOXESW7MSNM44E4AE2VNXQB6Y/ - () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OYGUN5HVOXESW7MSNM44E4AE2VNXQB6Y/ - Mailing List, Third Party Advisory
References () https://security.netapp.com/advisory/ntap-20240208-0004/ - () https://security.netapp.com/advisory/ntap-20240208-0004/ - Third Party Advisory

20 Feb 2024, 03:15

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OYGUN5HVOXESW7MSNM44E4AE2VNXQB6Y/ -

08 Feb 2024, 10:15

Type Values Removed Values Added
References
  • () https://security.netapp.com/advisory/ntap-20240208-0004/ -

08 Jan 2024, 19:04

Type Values Removed Values Added
First Time Redhat
Redhat enterprise Linux
Qemu
Qemu qemu
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.3
CPE cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:-:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:advanced_virtualization:*:*:*
cpe:2.3:a:qemu:qemu:-:*:*:*:*:*:*:*
CWE CWE-787
References () https://bugzilla.redhat.com/show_bug.cgi?id=2254580 - () https://bugzilla.redhat.com/show_bug.cgi?id=2254580 - Issue Tracking, Patch
References () https://access.redhat.com/security/cve/CVE-2023-6693 - () https://access.redhat.com/security/cve/CVE-2023-6693 - Third Party Advisory

02 Jan 2024, 10:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-01-02 10:15

Updated : 2024-09-14 00:15


NVD link : CVE-2023-6693

Mitre link : CVE-2023-6693

CVE.ORG link : CVE-2023-6693


JSON object : View

Products Affected

redhat

  • enterprise_linux

fedoraproject

  • fedora

qemu

  • qemu
CWE
CWE-787

Out-of-bounds Write

CWE-121

Stack-based Buffer Overflow