CVE-2023-3019

Summary

A DMA reentrancy issue leading to a use-after-free error was found in the e1000e NIC emulation code in QEMU. This issue could allow a privileged guest user to crash the QEMU process on the host, resulting in a denial of service.

Affected Software

VendorProductVersion RangeStatus
Red HatRed Hat Enterprise Linux 88090020231206155326.a75119d5 < *unaffected
Red HatRed Hat Enterprise Linux 88090020231206155326.a75119d5 < *unaffected
Red HatRed Hat Enterprise Linux 8.6 Extended Update Support8060020231128234847.ad008a3a < *unaffected
Red HatRed Hat Enterprise Linux 8.6 Extended Update Support8060020231128234847.ad008a3a < *unaffected
Red HatRed Hat Enterprise Linux 8.8 Extended Update Support8080020240116113044.63b34585 < *unaffected
Red HatRed Hat Enterprise Linux 8.8 Extended Update Support8080020240116113044.63b34585 < *unaffected
Red HatRed Hat Enterprise Linux 917:8.2.0-11.el9_4 < *unaffected

Weaknesses

  • CWE-416: Use After Free

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

Additional References

References