CVE-2023-3019
Qemu: e1000e: heap use-after-free in e1000e_write_packet_to_guest()
Severity Score
6.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track
*SSVC
Descriptions
A DMA reentrancy issue leading to a use-after-free error was found in the e1000e NIC emulation code in QEMU. This issue could allow a privileged guest user to crash the QEMU process on the host, resulting in a denial of service.
This update for qemu fixes the following issues. Fixed heap use-after-free in e1000e_write_packet_to_guest. Fixed NULL pointer dereference in qemu_clipboard_request. Fixed integer overflow results in buffer overflow via SCSI command. Fixed DM reentrancy issue that could lead to double free vulnerability. Fixed heap buffer overflow in sdhci_write_dataport.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-05-31 CVE Reserved
- 2023-07-24 CVE Published
- 2024-12-03 CVE Updated
- 2025-06-12 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-416: Use After Free
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| https://security.netapp.com/advisory/ntap-20230831-0005 | Third Party Advisory |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=2222351 | 2024-04-30 |
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2024:0135 | 2024-04-30 | |
| https://access.redhat.com/errata/RHSA-2024:0404 | 2024-04-30 | |
| https://access.redhat.com/errata/RHSA-2024:0569 | 2024-04-30 | |
| https://access.redhat.com/errata/RHSA-2024:2135 | 2024-04-30 | |
| https://access.redhat.com/security/cve/CVE-2023-3019 | 2024-04-30 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Qemu Search vendor "Qemu" | Qemu Search vendor "Qemu" for product "Qemu" | < 8.2.0 Search vendor "Qemu" for product "Qemu" and version " < 8.2.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 8.0 Search vendor "Redhat" for product "Enterprise Linux" and version "8.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 8.0 Search vendor "Redhat" for product "Enterprise Linux" and version "8.0" | advanced_virtualization |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 9.0 Search vendor "Redhat" for product "Enterprise Linux" and version "9.0" | - |
Affected
| ||||||