Skip to main content

Qemu CVE-2023-6693

MEDIUM
Stack-based Buffer Overflow (CWE-121)
2024-01-02 secalert@redhat.com
4.9
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.9 MEDIUM
AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Attack Vector
Local
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low

Lifecycle Timeline

3
Analysis Generated
Mar 28, 2026 - 19:33 vuln.today
Patch released
Mar 28, 2026 - 19:33 nvd
Patch available
CVE Published
Jan 02, 2024 - 10:15 nvd
MEDIUM 4.9

DescriptionCVE.org

A stack based buffer overflow was found in the virtio-net device of QEMU. This issue occurs when flushing TX in the virtio_net_flush_tx function if guest features VIRTIO_NET_F_HASH_REPORT, VIRTIO_F_VERSION_1 and VIRTIO_NET_F_MRG_RXBUF are enabled. This could allow a malicious user to overwrite local variables allocated on the stack. Specifically, the out_sg variable could be used to read a part of process memory and send it to the wire, causing an information leak.

AnalysisAI

A stack based buffer overflow was found in the virtio-net device of QEMU. Rated medium severity (CVSS 4.9), this vulnerability is no authentication required.

Technical ContextAI

This vulnerability is classified under CWE-121. A stack based buffer overflow was found in the virtio-net device of QEMU. This issue occurs when flushing TX in the virtio_net_flush_tx function if guest features VIRTIO_NET_F_HASH_REPORT, VIRTIO_F_VERSION_1 and VIRTIO_NET_F_MRG_RXBUF are enabled. This could allow a malicious user to overwrite local variables allocated on the stack. Specifically, the out_sg variable could be used to read a part of process memory and send it to the wire, causing an information leak. Affected products include: Qemu, Redhat Enterprise Linux, Fedoraproject Fedora.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

More in Qemu

View all
CVE-2015-3456 HIGH POC
7.7 May 13

The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a

CVE-2015-8556 CRITICAL POC
10.0 Mar 24

Local privilege escalation vulnerability in the Gentoo QEMU package before 2.5.0-r1. Rated critical severity (CVSS 10.0)

CVE-2019-12928 CRITICAL POC
9.8 Jun 24

The QMP migrate command in QEMU version 4.0.0 and earlier is vulnerable to OS command injection, which allows the remote

CVE-2019-12929 CRITICAL POC
9.8 Jun 24

The QMP guest_exec command in QEMU 4.0.0 and earlier is prone to OS command injection, which allows the attacker to achi

CVE-2015-7512 CRITICAL
9.0 Jan 08

Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larger MTU, allows remot

CVE-2016-7161 CRITICAL
9.8 Oct 05

Heap-based buffer overflow in the .receive callback of xlnx.xps-ethernetlite in QEMU (aka Quick Emulator) allows attacke

CVE-2024-24474 HIGH POC
8.8 Feb 20

QEMU before 8.2.0 has an integer underflow, and resultant buffer overflow, via a TI command when an expected non-DMA tra

CVE-2022-35414 HIGH POC
8.8 Jul 11

softmmu/physmem.c in QEMU through 7.0.0 can perform an uninitialized read on the translate_fail path, leading to an io_r

CVE-2016-4002 CRITICAL
9.8 Apr 26

Buffer overflow in the mipsnet_receive function in hw/net/mipsnet.c in QEMU, when the guest NIC is configured to accept

CVE-2024-3447 MEDIUM POC
6.0 Nov 14

A heap-based buffer overflow was found in the SDHCI device emulation of QEMU. Rated medium severity (CVSS 6.0), this vul

CVE-2017-15268 HIGH POC
7.5 Oct 12

Qemu through 2.10.0 allows remote attackers to cause a memory leak by triggering slow data-channel read operations, rela

CVE-2022-2962 HIGH POC
7.8 Sep 13

A DMA reentrancy issue was found in the Tulip device emulation in QEMU. Rated high severity (CVSS 7.8), this vulnerabili

Share

CVE-2023-6693 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy