CVE-2023-3301

Triggerable assertion due to race condition in hot-unplug

Published: 9/13/2023 Last updated: 2/13/2025 Reserved: 6/17/2023

A flaw was found in QEMU. The async nature of hot-unplug enables a race scenario where the net device backend is cleared before the virtio-net pci frontend has been unplugged. A malicious guest could use this time window to trigger an assertion and cause a denial of service.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Metrics

Version  Score  Severity  Vector String
3.1      5.6    Medium    CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H

Opam packages affected (2)

conf-qemu-img nbd-tool

Products affected (8)

Product                                             Vendor   Version
Fedora                                              Fedora   < 8c1efe3f74a7864461b0dff281c5562154b4aa8e
Red Hat Enterprise Linux 6                          Red Hat  <= 6.15.*
Red Hat Enterprise Linux 7                          Red Hat  <= 6.16.*
Red Hat Enterprise Linux 7                          Red Hat  12.2.1.3.0
Red Hat Enterprise Linux 7                          Red Hat  <= *
Red Hat Enterprise Linux 8 Advanced Virtualization  Red Hat  14.1.1.0.0
Red Hat Enterprise Linux 8                          Red Hat  12.2.1.4.0
qemu                                                n/a      <= 6.12.*

References (12)

Credits (2)