CVE-2023-6693

EUVD-2023-58914

02.01.2024, 10:15

A stack based buffer overflow was found in the virtio-net device of QEMU. This issue occurs when flushing TX in the virtio_net_flush_tx function if guest features VIRTIO_NET_F_HASH_REPORT, VIRTIO_F_VERSION_1 and VIRTIO_NET_F_MRG_RXBUF are enabled. This could allow a malicious user to overwrite local variables allocated on the stack. Specifically, the `out_sg` variable could be used to read a part of process memory and send it to the wire, causing an information leak.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	4.9 MEDIUM	LOCAL	HIGH	NONE	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Base Score

CVSS 3.x

EPSS Score

Percentile: 7%

Affected Products (NVD)

Vendor	Product	Version
qemu	qemu	𝑥 < 8.2.1
redhat	enterprise_linux	8.0
redhat	enterprise_linux	8.0
redhat	enterprise_linux	9.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

qemu

bookworm	1:7.2+dfsg-7+deb12u7 fixed
bullseye	no-dsa
bullseye (security)	vulnerable
buster	not-affected
sid	1:9.2.0+ds-3 fixed
trixie	1:9.2.0+ds-2 fixed

Ubuntu Releases

Ubuntu Product

Codename

qemu

bionic	not-affected
focal	not-affected
jammy	Fixed 1:6.2+dfsg-2ubuntu6.22 released
lunar	ignored
mantic	ignored
noble	not-affected
trusty	not-affected
xenial	not-affected

openSUSE / SLES Releases

openSUSE Product

Release

qemu

suse enterprise sap 15 SP5	7.1.0-150500.49.12.1 fixed
suse enterprise sap 15 SP7	9.2.2-150700.1.4 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.12.1 fixed
suse enterprise server 15 SP7	9.2.2-150700.1.4 fixed

qemu-SLOF

suse enterprise sap 15 SP5	7.1.0-150500.49.12.1 fixed
suse enterprise sap 15 SP7	9.2.2-150700.1.4 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.12.1 fixed
suse enterprise server 15 SP7	9.2.2-150700.1.4 fixed

qemu-accel-tcg-x86

suse enterprise sap 15 SP5	7.1.0-150500.49.12.1 fixed
suse enterprise sap 15 SP7	9.2.2-150700.1.4 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.12.1 fixed
suse enterprise server 15 SP7	9.2.2-150700.1.4 fixed

qemu-arm

suse enterprise sap 15 SP5	7.1.0-150500.49.12.1 fixed
suse enterprise sap 15 SP7	9.2.2-150700.1.4 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.12.1 fixed
suse enterprise server 15 SP7	9.2.2-150700.1.4 fixed

qemu-audio-alsa

suse enterprise sap 15 SP5	7.1.0-150500.49.12.1 fixed
suse enterprise sap 15 SP7	9.2.2-150700.1.4 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.12.1 fixed
suse enterprise server 15 SP7	9.2.2-150700.1.4 fixed

qemu-audio-dbus

suse enterprise sap 15 SP5	7.1.0-150500.49.12.1 fixed
suse enterprise sap 15 SP7	9.2.2-150700.1.4 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.12.1 fixed
suse enterprise server 15 SP7	9.2.2-150700.1.4 fixed

qemu-audio-pa

suse enterprise sap 15 SP5	7.1.0-150500.49.12.1 fixed
suse enterprise sap 15 SP7	9.2.2-150700.1.4 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.12.1 fixed
suse enterprise server 15 SP7	9.2.2-150700.1.4 fixed

qemu-audio-pipewire

suse enterprise sap 15 SP7	9.2.2-150700.1.4 fixed
suse enterprise server 15 SP7	9.2.2-150700.1.4 fixed

qemu-audio-spice

suse enterprise sap 15 SP5	7.1.0-150500.49.12.1 fixed
suse enterprise sap 15 SP7	9.2.2-150700.1.4 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.12.1 fixed
suse enterprise server 15 SP7	9.2.2-150700.1.4 fixed

qemu-block-curl

suse enterprise sap 15 SP5	7.1.0-150500.49.12.1 fixed
suse enterprise sap 15 SP7	9.2.2-150700.1.4 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.12.1 fixed
suse enterprise server 15 SP7	9.2.2-150700.1.4 fixed

qemu-block-iscsi

suse enterprise sap 15 SP5	7.1.0-150500.49.12.1 fixed
suse enterprise sap 15 SP7	9.2.2-150700.1.4 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.12.1 fixed
suse enterprise server 15 SP7	9.2.2-150700.1.4 fixed

qemu-block-nfs

suse enterprise sap 15 SP7	9.2.2-150700.1.4 fixed
suse enterprise server 15 SP7	9.2.2-150700.1.4 fixed

qemu-block-rbd

suse enterprise sap 15 SP5	7.1.0-150500.49.12.1 fixed
suse enterprise sap 15 SP7	9.2.2-150700.1.4 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.12.1 fixed
suse enterprise server 15 SP7	9.2.2-150700.1.4 fixed

qemu-block-ssh

suse enterprise sap 15 SP5	7.1.0-150500.49.12.1 fixed
suse enterprise sap 15 SP7	9.2.2-150700.1.4 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.12.1 fixed
suse enterprise server 15 SP7	9.2.2-150700.1.4 fixed

qemu-chardev-baum

suse enterprise sap 15 SP5	7.1.0-150500.49.12.1 fixed
suse enterprise sap 15 SP7	9.2.2-150700.1.4 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.12.1 fixed
suse enterprise server 15 SP7	9.2.2-150700.1.4 fixed

qemu-chardev-spice

suse enterprise sap 15 SP5	7.1.0-150500.49.12.1 fixed
suse enterprise sap 15 SP7	9.2.2-150700.1.4 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.12.1 fixed
suse enterprise server 15 SP7	9.2.2-150700.1.4 fixed

qemu-guest-agent

suse enterprise sap 15 SP5	7.1.0-150500.49.12.1 fixed
suse enterprise sap 15 SP7	9.2.2-150700.1.4 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.12.1 fixed
suse enterprise server 15 SP7	9.2.2-150700.1.4 fixed

qemu-headless

suse enterprise sap 15 SP7	9.2.2-150700.1.4 fixed
suse enterprise server 15 SP7	9.2.2-150700.1.4 fixed

qemu-hw-display-qxl

suse enterprise sap 15 SP5	7.1.0-150500.49.12.1 fixed
suse enterprise sap 15 SP7	9.2.2-150700.1.4 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.12.1 fixed
suse enterprise server 15 SP7	9.2.2-150700.1.4 fixed

qemu-hw-display-virtio-gpu

suse enterprise sap 15 SP5	7.1.0-150500.49.12.1 fixed
suse enterprise sap 15 SP7	9.2.2-150700.1.4 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.12.1 fixed
suse enterprise server 15 SP7	9.2.2-150700.1.4 fixed

qemu-hw-display-virtio-gpu-pci

suse enterprise sap 15 SP5	7.1.0-150500.49.12.1 fixed
suse enterprise sap 15 SP7	9.2.2-150700.1.4 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.12.1 fixed
suse enterprise server 15 SP7	9.2.2-150700.1.4 fixed

qemu-hw-display-virtio-vga

suse enterprise sap 15 SP5	7.1.0-150500.49.12.1 fixed
suse enterprise sap 15 SP7	9.2.2-150700.1.4 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.12.1 fixed
suse enterprise server 15 SP7	9.2.2-150700.1.4 fixed

qemu-hw-s390x-virtio-gpu-ccw

suse enterprise sap 15 SP5	7.1.0-150500.49.12.1 fixed
suse enterprise sap 15 SP7	9.2.2-150700.1.4 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.12.1 fixed
suse enterprise server 15 SP7	9.2.2-150700.1.4 fixed

qemu-hw-usb-host

suse enterprise sap 15 SP5	7.1.0-150500.49.12.1 fixed
suse enterprise sap 15 SP7	9.2.2-150700.1.4 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.12.1 fixed
suse enterprise server 15 SP7	9.2.2-150700.1.4 fixed

qemu-hw-usb-redirect

suse enterprise sap 15 SP5	7.1.0-150500.49.12.1 fixed
suse enterprise sap 15 SP7	9.2.2-150700.1.4 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.12.1 fixed
suse enterprise server 15 SP7	9.2.2-150700.1.4 fixed

qemu-img

suse enterprise desktop 15 SP6	8.2.2-150600.1.8 fixed
suse enterprise desktop 15 SP7	9.2.2-150700.1.4 fixed
suse enterprise sap 15 SP6	8.2.2-150600.1.8 fixed
suse enterprise sap 15 SP7	9.2.2-150700.1.4 fixed
suse enterprise server 15 SP6	8.2.2-150600.1.8 fixed
suse enterprise server 15 SP7	9.2.2-150700.1.4 fixed

qemu-ipxe

suse enterprise sap 15 SP7	9.2.2-150700.1.4 fixed
suse enterprise server 15 SP7	9.2.2-150700.1.4 fixed

qemu-ksm

suse enterprise sap 15 SP5	7.1.0-150500.49.12.1 fixed
suse enterprise sap 15 SP7	9.2.2-150700.1.4 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.12.1 fixed
suse enterprise server 15 SP7	9.2.2-150700.1.4 fixed

qemu-kvm

suse enterprise sap 15 SP5	7.1.0-150500.49.12.1 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.12.1 fixed

qemu-lang

suse enterprise sap 15 SP5	7.1.0-150500.49.12.1 fixed
suse enterprise sap 15 SP7	9.2.2-150700.1.4 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.12.1 fixed
suse enterprise server 15 SP7	9.2.2-150700.1.4 fixed

qemu-ppc

suse enterprise sap 15 SP5	7.1.0-150500.49.12.1 fixed
suse enterprise sap 15 SP7	9.2.2-150700.1.4 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.12.1 fixed
suse enterprise server 15 SP7	9.2.2-150700.1.4 fixed

qemu-pr-helper

suse enterprise desktop 15 SP6	8.2.2-150600.1.8 fixed
suse enterprise desktop 15 SP7	9.2.2-150700.1.4 fixed
suse enterprise sap 15 SP6	8.2.2-150600.1.8 fixed
suse enterprise sap 15 SP7	9.2.2-150700.1.4 fixed
suse enterprise server 15 SP6	8.2.2-150600.1.8 fixed
suse enterprise server 15 SP7	9.2.2-150700.1.4 fixed

qemu-s390x

suse enterprise sap 15 SP5	7.1.0-150500.49.12.1 fixed
suse enterprise sap 15 SP7	9.2.2-150700.1.4 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.12.1 fixed
suse enterprise server 15 SP7	9.2.2-150700.1.4 fixed

qemu-sgabios-8

suse enterprise sap 15 SP5	150500.49.12.1 fixed
suse enterprise sap 15 SP7	150500.49.12.1 fixed
suse enterprise server 15 SP5	150500.49.12.1 fixed
suse enterprise server 15 SP7	150500.49.12.1 fixed

qemu-skiboot

suse enterprise sap 15 SP5	7.1.0-150500.49.12.1 fixed
suse enterprise sap 15 SP7	9.2.2-150700.1.4 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.12.1 fixed
suse enterprise server 15 SP7	9.2.2-150700.1.4 fixed

qemu-spice

suse enterprise sap 15 SP7	9.2.2-150700.1.4 fixed
suse enterprise server 15 SP7	9.2.2-150700.1.4 fixed

qemu-tools

suse enterprise desktop 15 SP6	8.2.2-150600.1.8 fixed
suse enterprise desktop 15 SP7	9.2.2-150700.1.4 fixed
suse enterprise sap 15 SP6	8.2.2-150600.1.8 fixed
suse enterprise sap 15 SP7	9.2.2-150700.1.4 fixed
suse enterprise server 15 SP6	8.2.2-150600.1.8 fixed
suse enterprise server 15 SP7	9.2.2-150700.1.4 fixed

qemu-ui-curses

suse enterprise sap 15 SP5	7.1.0-150500.49.12.1 fixed
suse enterprise sap 15 SP7	9.2.2-150700.1.4 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.12.1 fixed
suse enterprise server 15 SP7	9.2.2-150700.1.4 fixed

qemu-ui-dbus

suse enterprise sap 15 SP5	7.1.0-150500.49.12.1 fixed
suse enterprise sap 15 SP7	9.2.2-150700.1.4 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.12.1 fixed
suse enterprise server 15 SP7	9.2.2-150700.1.4 fixed

qemu-ui-gtk

suse enterprise sap 15 SP5	7.1.0-150500.49.12.1 fixed
suse enterprise sap 15 SP7	9.2.2-150700.1.4 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.12.1 fixed
suse enterprise server 15 SP7	9.2.2-150700.1.4 fixed

qemu-ui-opengl

suse enterprise sap 15 SP5	7.1.0-150500.49.12.1 fixed
suse enterprise sap 15 SP7	9.2.2-150700.1.4 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.12.1 fixed
suse enterprise server 15 SP7	9.2.2-150700.1.4 fixed

qemu-ui-spice-app

suse enterprise sap 15 SP5	7.1.0-150500.49.12.1 fixed
suse enterprise sap 15 SP7	9.2.2-150700.1.4 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.12.1 fixed
suse enterprise server 15 SP7	9.2.2-150700.1.4 fixed

qemu-ui-spice-core

suse enterprise sap 15 SP5	7.1.0-150500.49.12.1 fixed
suse enterprise sap 15 SP7	9.2.2-150700.1.4 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.12.1 fixed
suse enterprise server 15 SP7	9.2.2-150700.1.4 fixed

qemu-vmsr-helper

suse enterprise desktop 15 SP7	9.2.2-150700.1.4 fixed
suse enterprise sap 15 SP7	9.2.2-150700.1.4 fixed
suse enterprise server 15 SP7	9.2.2-150700.1.4 fixed

qemu-x86

suse enterprise sap 15 SP5	7.1.0-150500.49.12.1 fixed
suse enterprise sap 15 SP7	9.2.2-150700.1.4 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.12.1 fixed
suse enterprise server 15 SP7	9.2.2-150700.1.4 fixed

Red Hat Enterprise Linux Releases

Red Hat Product

Release

qemu-guest-agent

RHEL 9

17:9.0.0-10.el9_5.3

fixed

qemu-img

RHEL 9

17:9.0.0-10.el9_5.3

fixed

qemu-kvm

RHEL 9

17:9.0.0-10.el9_5.3

fixed

qemu-kvm-audio-pa

RHEL 9

17:9.0.0-10.el9_5.3

fixed

qemu-kvm-block-blkio

RHEL 9

17:9.0.0-10.el9_5.3

fixed

qemu-kvm-block-curl

RHEL 9

17:9.0.0-10.el9_5.3

fixed

qemu-kvm-block-rbd

RHEL 9

17:9.0.0-10.el9_5.3

fixed

qemu-kvm-common

RHEL 9

17:9.0.0-10.el9_5.3

fixed

qemu-kvm-core

RHEL 9

17:9.0.0-10.el9_5.3

fixed

qemu-kvm-device-display-virtio-gpu

RHEL 9

17:9.0.0-10.el9_5.3

fixed

qemu-kvm-device-display-virtio-gpu-ccw

RHEL 9

17:9.0.0-10.el9_5.3

fixed

qemu-kvm-device-display-virtio-gpu-pci

RHEL 9

17:9.0.0-10.el9_5.3

fixed

qemu-kvm-device-display-virtio-vga

RHEL 9

17:9.0.0-10.el9_5.3

fixed

qemu-kvm-device-usb-host

RHEL 9

17:9.0.0-10.el9_5.3

fixed

qemu-kvm-device-usb-redirect

RHEL 9

17:9.0.0-10.el9_5.3

fixed

qemu-kvm-docs

RHEL 9

17:9.0.0-10.el9_5.3

fixed

qemu-kvm-tools

RHEL 9

17:9.0.0-10.el9_5.3

fixed

qemu-kvm-ui-egl-headless

RHEL 9

17:9.0.0-10.el9_5.3

fixed

qemu-kvm-ui-opengl

RHEL 9

17:9.0.0-10.el9_5.3

fixed

qemu-pr-helper

RHEL 9

17:9.0.0-10.el9_5.3

fixed

Common Weakness Enumeration

References

https://access.redhat.com/errata/RHSA-2024:2962

https://access.redhat.com/errata/RHSA-2025:4492

https://access.redhat.com/security/cve/CVE-2023-6693

https://bugzilla.redhat.com/show_bug.cgi?id=2254580

https://access.redhat.com/errata/RHSA-2024:2962

https://access.redhat.com/security/cve/CVE-2023-6693

https://bugzilla.redhat.com/show_bug.cgi?id=2254580

https://lists.debian.org/debian-lts-announce/2025/04/msg00042.html

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OYGUN5HVOXESW7MSNM44E4AE2VNXQB6Y/

https://security.netapp.com/advisory/ntap-20240208-0004/