CVE-2023-6693

2024-01-0210:15:08

Debian Security Bug Tracker

security-tracker.debian.org

qemu

virtio-net device

buffer overflow

information leak

security vulnerability

stack-based

5.3 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

6.9 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.7%

JSON

A stack based buffer overflow was found in the virtio-net device of QEMU. This issue occurs when flushing TX in the virtio_net_flush_tx function if guest features VIRTIO_NET_F_HASH_REPORT, VIRTIO_F_VERSION_1 and VIRTIO_NET_F_MRG_RXBUF are enabled. This could allow a malicious user to overwrite local variables allocated on the stack. Specifically, the out_sg variable could be used to read a part of process memory and send it to the wire, causing an information leak.

OSVersionArchitecturePackageVersionFilename
Debian12allqemu< 1:7.2+dfsg-7+deb12u4qemu_1:7.2+dfsg-7+deb12u4_all.deb
Debian11allqemu<= 1:5.2+dfsg-11+deb11u3qemu_1:5.2+dfsg-11+deb11u3_all.deb
Debian999allqemu< 1:8.2.0+ds-3qemu_1:8.2.0+ds-3_all.deb
Debian13allqemu< 1:8.2.0+ds-3qemu_1:8.2.0+ds-3_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	qemu	< 1:7.2+dfsg-7+deb12u4	qemu_1:7.2+dfsg-7+deb12u4_all.deb
Debian	11	all	qemu	<= 1:5.2+dfsg-11+deb11u3	qemu_1:5.2+dfsg-11+deb11u3_all.deb
Debian	999	all	qemu	< 1:8.2.0+ds-3	qemu_1:8.2.0+ds-3_all.deb
Debian	13	all	qemu	< 1:8.2.0+ds-3	qemu_1:8.2.0+ds-3_all.deb