← Back

CVE-2023-0330

nvd nist
Published: Mar 6, 2023Modified: Nov 21, 2024

JSON object

Loading...
6.0
Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
Exploitability: 1.5 / Impact: 4.0
Source: NVD

Description

A vulnerability in the lsi53c895a device affects the latest version of qemu. A DMA-MMIO reentrancy problem may lead to memory corruption bugs like stack overflow or use-after-free.

Affected (8)

Products: Qemu: Qemu · Debian: Debian Linux
Qemu
1 product
Qemu
Debian
1 product
Debian Linux
Configuration A
7 vulnerable
Vulnerable SoftwareAffected Versions
Qemu
Qemu
From 7.2.0 to 7.2.3
Qemu
Version 8.0.0
Qemu
Version 8.0.0 rc0
Qemu
Version 8.0.0 rc1
Qemu
Version 8.0.0 rc2
Qemu
Version 8.0.0 rc3
Qemu
Version 8.0.0 rc4
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Debian Linux
Version 10.0

Related CWEs

CWE-121
Stack-based Buffer Overflow
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
CWE-787
Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.

References (8)

Source: patrick@puiterwijk.org
Source: patrick@puiterwijk.org
Source: patrick@puiterwijk.org
Mailing ListThird Party Advisory
Source: patrick@puiterwijk.org
Mailing ListPatch
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListPatch

Timeline

No history available yet.