CVE-2023-2680

This CVE exists because of an incomplete fix for CVE-2021-3750. More specifically, the qemu-kvm package as released for Red Hat Enterprise Linux 9.1 via RHSA-2022:7967 included a version of qemu-kvm that was actually missing the fix for CVE-2021-3750.

| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 7.5 HIGH | LOCAL | HIGH | HIGH | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H |

EPSS Score percentile: 10%

Affected Products (NVD)

| Vendor | Product | Version |
|---|---|---|
| qemu | qemu | - |
| redhat | enterprise_linux | 9.0 |

𝑥 = Vulnerable software versions

Debian Releases
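
| Debian Product | Codename | Version | Status |
|---|---|---|---|
| qemu | bookworm | 1:7.2+dfsg-7+deb12u7 | fixed |
| qemu | bullseye | 1:5.2+dfsg-11+deb11u3 | fixed |
| qemu | bullseye (security) | 1:5.2+dfsg-11+deb11u2 | fixed |
| qemu | sid | 1:9.2.0+ds-3 | fixed |
| qemu | trixie | 1:9.2.0+ds-2 | fixed |
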
Ubuntu Releases
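
| Ubuntu Product | Codename | Status |
|---|---|---|
| qemu | bionic | not-affected |
| qemu | focal | not-affected |
| qemu | jammy | not-affected |
| qemu | kinetic | not-affected |
| qemu | lunar | not-affected |
| qemu | trusty | not-affected |
| qemu | xenial | not-affected |
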
Red Hat Enterprise Linux Releases

| Red Hat Product | Release | Version | Status |
|---|---|---|---|
| qemu-guest-agent | RHEL 9 | 17:8.0.0-16.el9_3 | fixed |
| qemu-img | RHEL 9 | 17:8.0.0-16.el9_3 | fixed |
| qemu-kvm | RHEL 9 | 17:8.0.0-16.el9_3 | fixed |
| qemu-kvm-audio-pa | RHEL 9 | 17:8.0.0-16.el9_3 | fixed |
| qemu-kvm-block-blkio | RHEL 9 | 17:8.0.0-16.el9_3 | fixed |
| qemu-kvm-block-curl | RHEL 9 | 17:8.0.0-16.el9_3 | fixed |
| qemu-kvm-block-rbd | RHEL 9 | 17:8.0.0-16.el9_3 | fixed |
| qemu-kvm-common | RHEL 9 | 17:8.0.0-16.el9_3 | fixed |
| qemu-kvm-core | RHEL 9 | 17:8.0.0-16.el9_3 | fixed |
| qemu-kvm-device-display-virtio-gpu | RHEL 9 | 17:8.0.0-16.el9_3 | fixed |
| qemu-kvm-device-display-virtio-gpu-ccw | RHEL 9 | 17:8.0.0-16.el9_3 | fixed |
| qemu-kvm-device-display-virtio-gpu-pci | RHEL 9 | 17:8.0.0-16.el9_3 | fixed |
| qemu-kvm-device-display-virtio-vga | RHEL 9 | 17:8.0.0-16.el9_3 | fixed |
| qemu-kvm-device-usb-host | RHEL 9 | 17:8.0.0-16.el9_3 | fixed |
| qemu-kvm-device-usb-redirect | RHEL 9 | 17:8.0.0-16.el9_3 | fixed |
| qemu-kvm-docs | RHEL 9 | 17:8.0.0-16.el9_3 | fixed |
| qemu-kvm-tools | RHEL 9 | 17:8.0.0-16.el9_3 | fixed |
| qemu-kvm-ui-egl-headless | RHEL 9 | 17:8.0.0-16.el9_3 | fixed |
| qemu-kvm-ui-opengl | RHEL 9 | 17:8.0.0-16.el9_3 | fixed |
| qemu-pr-helper | RHEL 9 | 17:8.0.0-16.el9_3 | fixed |