PT-2023-4444 · Qemu+6 · Qemu+6

Zheyu Ma

Published

2023-01-16

Updated

2024-10-23

CVE-2023-0330

CVSS v3.1

6.0

Medium

Vector

AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions qemu (affected versions not specified)

Description The issue is related to a buffer overflow in the lsi53c895a.c component of the QEMU hardware emulator. It may also involve a DMA-MMIO reentrancy problem, potentially leading to memory corruption bugs such as stack overflow or use-after-free. Exploitation of this issue could allow an attacker to cause a denial of service.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Stack Overflow

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-121CWE-787

Related Identifiers

ALT-PU-2023-1685

ALT-PU-2023-4715

ALT-PU-2023-5241

ALT-PU-2023-7183

ALT-PU-2024-13687

ALT-PU-2024-14149

ALT-PU-2024-3359

ALT-PU-2024-6235

ALT-PU-2024-7201

AZL-60121

BDU:2023-04834

CVE-2023-0330

DLA-3604-1

OESA-2024-1491

OESA-2024-1494

OESA-2024-1505

OESA-2024-1510

OESA-2024-1511

OESA-2024-1516

OPENSUSE-SU-2023_3082-1

OPENSUSE-SU-2023_3721-1

OPENSUSE-SU-2023_4056-1

OPENSUSE-SU-2024:13114-1

ROSA-SA-2023-2302

SUSE-SU-2023:3015-1

SUSE-SU-2023:3082-1

SUSE-SU-2023:3082-2

SUSE-SU-2023:3444-1

SUSE-SU-2023:3721-1

SUSE-SU-2023:3800-1

SUSE-SU-2023:4056-1

SUSE-SU-2023_3015-1

SUSE-SU-2023_3082-1

SUSE-SU-2024:1395-1

USN-6167-1

Affected Products

Alt Linux

Astra Linux

Linuxmint

Red Os

Suse

Ubuntu

Qemu

PT-2023-4444 · Qemu+6 · Qemu+6

CVE-2023-0330

Weakness Enumeration

Related Identifiers

Affected Products

References · 100