Vulnerability CVE-2023-3019: Information

Description

A DMA reentrancy issue leading to a use-after-free error was found in the e1000e NIC emulation code in QEMU. This issue could allow a privileged guest user to crash the QEMU process on the host, resulting in a denial of service.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Published: July 24, 2023
Modified: April 30, 2024
Error type identifier: CWE-416

Fixed packages

| Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
|---|---|---|---|---|---|---|
| qemu | sisyphus | 8.2.0-alt1 | 8.2.3-alt1 | ALT-PU-2024-1248-2 | 337487 | Fixed |
| qemu | sisyphus_loongarch64 | 8.2.0-alt0.0.port | 8.2.3-alt1 | ALT-PU-2024-1781-1 | - | Fixed |
| qemu | p10 | 8.2.2-alt0.p10 | 8.2.2-alt0.p10.1 | ALT-PU-2024-6235-3 | 344683 | Fixed |
| qemu | c10f1 | 8.2.2-alt0.p10.1 | 8.2.2-alt0.p10.1 | ALT-PU-2024-7201-3 | 345913 | Fixed |

References to Advisories, Solutions, and Tools

| Hyperlink | Resource |
|---|---|
| https://access.redhat.com/security/cve/CVE-2023-3019 | Third Party Advisory |
| https://bugzilla.redhat.com/show_bug.cgi?id=2222351 | Issue Tracking, Patch, Third Party Advisory |
| https://security.netapp.com/advisory/ntap-20230831-0005/ | Third Party Advisory |
| RHSA-2024:0135 | Third Party Advisory |
| RHSA-2024:0404 | Third Party Advisory |
| RHSA-2024:0569 | Third Party Advisory |
| RHSA-2024:2135 | |

Configuration 1

cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*
End excluding: 8.2.0

Configuration 2

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:advanced_virtualization:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:-:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*