#VU85734 Use-after-free in QEMU - CVE-2023-3019

Cybersecurity Help s.r.o.

Published: 2024-01-23

Vulnerability identifier: #VU85734

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-3019

CWE-ID: CWE-416

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
QEMU
Client/Desktop applications / Virtualization software

Vendor: QEMU

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the e1000e_write_packet_to_guest() function in the e1000e NIC emulation code in QEMU. A local user can trigger DMA reentrancy and crash the QEMU process on the host.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

QEMU: All versions

External links
https://access.redhat.com/security/cve/CVE-2023-3019
https://bugzilla.redhat.com/show_bug.cgi?id=2222351
https://security.netapp.com/advisory/ntap-20230831-0005/
https://access.redhat.com/errata/RHSA-2024:0135

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Junos Space

Ubuntu update for qemu

Multiple vulnerabilities in Red Hat OpenStack 17.1 packages

Red Hat Enterprise Linux 9 update for qemu-kvm

SUSE update for qemu

openEuler 20.03 LTS SP4 update for qemu

openEuler 20.03 LTS SP1 update for qemu

openEuler 22.03 LTS SP2 update for qemu

openEuler 22.03 LTS SP1 update for qemu

openEuler 22.03 LTS update for qemu