QEMU virtio-net buffer overflow during flush_tx causes info leak
CVE-2023-6693 Published on January 2, 2024

Qemu: virtio-net: stack buffer overflow in virtio_net_flush_tx()
A stack based buffer overflow was found in the virtio-net device of QEMU. This issue occurs when flushing TX in the virtio_net_flush_tx function if guest features VIRTIO_NET_F_HASH_REPORT, VIRTIO_F_VERSION_1 and VIRTIO_NET_F_MRG_RXBUF are enabled. This could allow a malicious user to overwrite local variables allocated on the stack. Specifically, the `out_sg` variable could be used to read a part of process memory and send it to the wire, causing an information leak.

Vendor Advisory Vendor Advisory NVD

Vulnerability Analysis

CVE-2023-6693 can be exploited with local system access, and does not require authorization privileges or user interaction. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to be low. considered to have a small impact on confidentiality and integrity and availability.

Attack Vector:
LOCAL
Attack Complexity:
HIGH
Privileges Required:
NONE
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
LOW
Integrity Impact:
LOW
Availability Impact:
LOW

Timeline

Reported to Red Hat.

Made public. 22 days later.

Weakness Type

What is a Stack Overflow Vulnerability?

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

CVE-2023-6693 has been classified to as a Stack Overflow vulnerability or weakness.


Products Associated with CVE-2023-6693

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2023-6693 are published in these products:

QEMU
 
Red Hat Enterprise Linux (RHEL)
 
Fedora Project Fedora
 
Canonical Ubuntu Linux
 
Red Hat Advanced Virtualization
 

Affected Versions

Red Hat Enterprise Linux 8: Red Hat Enterprise Linux 8: Red Hat Enterprise Linux 9: Red Hat Enterprise Linux 6: Red Hat Enterprise Linux 7: Red Hat Enterprise Linux 7: Red Hat Enterprise Linux 8 Advanced Virtualization:

Exploit Probability

EPSS
0.03%
Percentile
7.27%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.