Lucene search

Ubuntu.comUB:CVE-2023-3301

HistorySep 13, 2023 - 12:00 a.m.

CVE-2023-3301

2023-09-1300:00:00

ubuntu.com

cve-2023-3301

qemu

hot-unplug

race scenario

net device

virtio-net

denial of service

mdeslaur

unix

CVSS3

5.6

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H

EPSS

Percentile

5.1%

JSON

A flaw was found in QEMU. The async nature of hot-unplug enables a race
scenario where the net device backend is cleared before the virtio-net pci
frontend has been unplugged. A malicious guest could use this time window
to trigger an assertion and cause a denial of service.

Notes

Author	Note
mdeslaur	introduced in 5.1

OSVersionArchitecturePackageVersionFilename
ubuntu22.04noarchqemu< 1:6.2+dfsg-2ubuntu6.16UNKNOWN
ubuntu23.04noarchqemu< 1:7.2+dfsg-5ubuntu2.4UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	22.04	noarch	qemu	< 1:6.2+dfsg-2ubuntu6.16	UNKNOWN
ubuntu	23.04	noarch	qemu	< 1:7.2+dfsg-5ubuntu2.4	UNKNOWN

References

launchpad.net/bugs/cve/CVE-2023-3301

nvd.nist.gov/vuln/detail/CVE-2023-3301

security-tracker.debian.org/tracker/CVE-2023-3301

ubuntu.com/security/notices/USN-6567-1

www.cve.org/CVERecord?id=CVE-2023-3301

CVSS3

5.6

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H

EPSS

Percentile

5.1%

JSON

Related for UB:CVE-2023-3301