CVE-2023-6693

Description

A stack based buffer overflow was found in the virtio-net device of QEMU. This issue occurs when flushing TX in the virtio_net_flush_tx function if guest features VIRTIO_NET_F_HASH_REPORT, VIRTIO_F_VERSION_1 and VIRTIO_NET_F_MRG_RXBUF are enabled. This could allow a malicious user to overwrite local variables allocated on the stack. Specifically, the `out_sg` variable could be used to read a part of process memory and send it to the wire, causing an information leak.

CVSS Metrics

• v3.1•MEDIUM•Score: 4.9CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
• v3.1•MEDIUM•Score: 5.3CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

EPSS Trends

Current EPSS score: 0.03%• Percentile: 7%

Techniques & Countermeasures

• CWE-787•Out-of-bounds Write

  The product writes data past the end, or before the beginning, of the intended buffer.

• CWE-121•Stack-based Buffer Overflow

  A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

Affected Systems

• fedoraproject•fedora

  39

• qemu•qemu

  < 8.2.1

• redhat•enterprise_linux

  8.0 | 9.0

References (7)

• https://access.redhat.com/errata/RHSA-2024:2962
• https://access.redhat.com/errata/RHSA-2025:4492
• https://access.redhat.com/security/cve/CVE-2023-6693
• https://bugzilla.redhat.com/show_bug.cgi?id=2254580
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OYGUN5HVOXESW7MSNM44E4AE2VNXQB6Y/
• https://security.netapp.com/advisory/ntap-20240208-0004/
• https://lists.debian.org/debian-lts-announce/2025/04/msg00042.html