CVE-2023-2680

Summary

This CVE exists because of an incomplete fix for CVE-2021-3750. More specifically, the qemu-kvm package as released for Red Hat Enterprise Linux 9.1 via RHSA-2022:7967 included a version of qemu-kvm that was actually missing the fix for CVE-2021-3750.

Affected Software

VendorProductVersion RangeStatus

Weaknesses

  • CWE-416: Use After Free

ADP Enrichment

CVE Program Container

Additional References

References