UBUNTU-CVE-2023-6693

Advisory lineage Upstream: 1 Downstream: 1
Upstream
CVE-2023-6693
Downstream
USN-6954-1
Published: 02 Jan 2024, 10:15
Last modified:04 Feb 2026, 02:23

Vulnerability Summary

Overall Risk (default)
low
20/100
CVSS Score
4.9 MEDIUM
3.1 (osv_ubuntu)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

02 Jan 2024, 10:15
Published
Vulnerability first disclosed
04 Feb 2026, 02:23
Last Modified
Vulnerability information updated

Description

A stack based buffer overflow was found in the virtio-net device of QEMU. This issue occurs when flushing TX in the virtio_net_flush_tx function if guest features VIRTIO_NET_F_HASH_REPORT, VIRTIO_F_VERSION_1 and VIRTIO_NET_F_MRG_RXBUF are enabled. This could allow a malicious user to overwrite local variables allocated on the stack. Specifically, the `out_sg` variable could be used to read a part of process memory and send it to the wire, causing an information leak.

CVSS Metrics

  • v3.1MEDIUMScore: 4.9CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Affected Systems

  • ubuntuqemu

    < 1:6.2+dfsg-2ubuntu6.22

References (5)