CVE-2023-3301
Summary
| CVE | CVE-2023-3301 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2023-09-13 17:15:00 UTC |
|---|
| Updated | 2023-11-07 04:18:00 UTC |
|---|
| Description | A flaw was found in QEMU. The async nature of hot-unplug enables a race scenario where the net device backend is cleared before the virtio-net pci frontend has been unplugged. A malicious guest could use this time window to trigger an assertion and cause a denial of service. |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| cve-details |
MISC |
access.redhat.com |
|
| September 2023 QEMU Vulnerabilities in NetApp Products | NetApp Product Security |
MISC |
security.netapp.com |
|
| 2215784 – (CVE-2023-3301) CVE-2023-3301 QEMU: net: triggerable assertion due to race condition in hot-unplug |
MISC |
bugzilla.redhat.com |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 160940 Oracle Enterprise Linux Security Update for qemu (ELSA-2023-12834)
- 160941 Oracle Enterprise Linux Security Update for qemu (ELSA-2023-12835)
- 160960 Oracle Enterprise Linux Security Update for kvm_utils3 (ELSA-2023-12855)
- 161176 Oracle Enterprise Linux Security Update for virt:ol and virt-devel:rhel (ELSA-2023-6980)
- 161346 Oracle Enterprise Linux Security Update for virt:kvm_utils1 (ELSA-2024-12152)
- 242430 Red Hat Update for virt:rhel and virt-devel:rhel security (RHSA-2023:6980)
- 379624 Alibaba Cloud Linux Security Update for virt:rhel and virt-devel:rhel (ALINUX3-SA-2024:0021)
- 941431 AlmaLinux Security Update for virt:rhel and virt-devel:rhel (ALSA-2023:6980)
