PT-2024-4389 · Qemu+10

Mauro Matteo Cascella · Published 2024-01-02 · Updated 2025-05-07 · CVE-2023-6693

CVSS v3.1: 5.3 Medium

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions

QEMU (affected versions not specified)

Description

A stack-based buffer overflow was found in the virtio-net device of QEMU. This issue occurs when flushing TX in the virtio_net_flush_tx function if guest features VIRTIO_NET_F_HASH_REPORT, VIRTIO_F_VERSION_1, and VIRTIO_NET_F_MRG_RXBUF are enabled. This could allow a malicious user to overwrite local variables allocated on the stack. Specifically, the out_sg variable could be used to read a part of process memory and send it to the wire, causing an information leak.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Memory Corruption

Stack Overflow

Weakness Enumeration

Related Identifiers

ALT-PU-2024-1248
ALT-PU-2024-13687
ALT-PU-2024-14149
ALT-PU-2024-6235
ALT-PU-2024-7201
AZL-35675
AZL-35676
BDU:2024-04886
CESA-2024_2962
CVE-2023-6693
DLA-4144-1
INFSA-2024_2962
INFSA-2025_4492
MGASA-2024-0387
OESA-2024-1310
OESA-2024-1311
OESA-2024-1312
OESA-2024-1313
OPENSUSE-SU-2024:13705-1
OPENSUSE-SU-2024_1103-1
RHSA-2024:2962
RHSA-2024_2962
RHSA-2025:4492
RHSA-2025_4492
RLSA-2024:2962
SUSE-SU-2024:1103-1
SUSE-SU-2024:3229-1
SUSE-SU-2024_3229-1
USN-6954-1

Affected Products

Alt Linux
Astra Linux
Centos
Debian
Linuxmint
Qemu
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu