Lucene search

K
cveRedhatCVE-2023-2700
HistoryMay 15, 2023 - 10:15 p.m.

CVE-2023-2700

2023-05-1522:15:12
CWE-401
redhat
web.nvd.nist.gov
81
libvirt
vulnerability
memory leak
sr-iov
pci
nvd
cve-2023-2700

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

5.4

Confidence

High

EPSS

0

Percentile

14.8%

A vulnerability was found in libvirt. This security flaw ouccers due to repeatedly querying an SR-IOV PCI device’s capabilities that exposes a memory leak caused by a failure to free the virPCIVirtualFunction array within the parent struct’s g_autoptr cleanup.

Affected configurations

Nvd
Vulners
Node
redhatlibvirtMatch4.5.0
Node
fedoraprojectfedoraMatch38
OR
redhatenterprise_linuxMatch8.0
OR
redhatenterprise_linuxMatch9.0
VendorProductVersionCPE
jenkinslibvirt_slaves*cpe:2.3:a:jenkins:libvirt_slaves:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "libvirt",
    "versions": [
      {
        "version": "libvirt-4.5.0",
        "status": "affected"
      }
    ]
  }
]

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

5.4

Confidence

High

EPSS

0

Percentile

14.8%