Vulnerabilities > CVE-2023-0330 - Out-of-bounds Write vulnerability in multiple products

CVSS 6.0 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

local

low complexity

qemu

debian

CWE-787

NVD

Published: 2023-03-06

Updated: 2024-04-19

Summary

A vulnerability in the lsi53c895a device affects the latest version of qemu. A DMA-MMIO reentrancy problem may lead to memory corruption bugs like stack overflow or use-after-free.

Vulnerable Configurations

Part	Description	Count
Application	Qemu Qemu Qemu 8.0.0 Qemu Qemu 7.2.0 Qemu Qemu 7.2.1 Qemu Qemu 7.2.2	14
OS	Debian Debian Debian Linux 10.0	1

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://lists.nongnu.org/archive/html/qemu-devel/2023-01/msg03411.html
https://lists.debian.org/debian-lts-announce/2023/10/msg00006.html
https://access.redhat.com/security/cve/CVE-2023-0330
https://bugzilla.redhat.com/show_bug.cgi?id=2160151