Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2023-3301HistorySep 13, 2023 - 5:15 p.m.
CVE-2023-3301
2023-09-1317:15:10
Debian Security Bug Tracker
security-tracker.debian.org
15
qemu
hot-unplug
race scenario
denial of service
net device
virtio-net
pci backend
0.0004 Low
EPSS
Percentile
5.2%
A flaw was found in QEMU. The async nature of hot-unplug enables a race scenario where the net device backend is cleared before the virtio-net pci frontend has been unplugged. A malicious guest could use this time window to trigger an assertion and cause a denial of service.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | qemu | < 1:7.2+dfsg-7+deb12u1 | qemu_1:7.2+dfsg-7+deb12u1_all.deb |
| Debian | 11 | all | qemu | < 1:5.2+dfsg-11+deb11u3 | qemu_1:5.2+dfsg-11+deb11u3_all.deb |
| Debian | 10 | all | qemu | < 1:3.1+dfsg-8+deb10u8 | qemu_1:3.1+dfsg-8+deb10u8_all.deb |
| Debian | 999 | all | qemu | < 1:8.0.3+dfsg-1 | qemu_1:8.0.3+dfsg-1_all.deb |
| Debian | 13 | all | qemu | < 1:8.0.3+dfsg-1 | qemu_1:8.0.3+dfsg-1_all.deb |
Related
nessus
nessus
EulerOS Virtualization 2.11.0 : qemu (EulerOS-SA-2023-3389)
2024-01-16 00:00:00
QEMU < 8.1.0-rc2 DOS
2023-08-10 00:00:00
EulerOS Virtualization 2.11.1 : qemu (EulerOS-SA-2023-3371)
2024-01-16 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for qemu (EulerOS-SA-2023-3371)
2023-12-14 00:00:00
Huawei EulerOS: Security Advisory for qemu (EulerOS-SA-2023-3389)
2023-12-14 00:00:00
openSUSE: Security Advisory for qemu (SUSE-SU-2023:3234-1)
2024-03-04 00:00:00
cve
cve
CVE-2023-3301
2023-09-13 17:15:10
osv
osv
CVE-2023-3301
2023-09-13 17:15:10
Moderate: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update
2023-11-14 00:00:00
qemu vulnerabilities
2024-01-08 17:46:08
redhatcve
redhatcve
CVE-2023-3301
2023-08-01 13:19:43
cvelist
cvelist
Triggerable assertion due to race condition in hot-unplug
2023-09-13 16:09:36
prion
prion
Sql injection
2023-09-13 17:15:00
ubuntucve
ubuntucve
CVE-2023-3301
2023-09-13 00:00:00
cbl_mariner
cbl_mariner
CVE-2023-3301 affecting package qemu for versions less than 8.2.0-1
2024-03-19 17:21:46
veracode
veracode
Denial Of Service (DoS)
2023-08-05 03:34:22
redhat
redhat
almalinux
almalinux
oraclelinux
oraclelinux
virt:ol and virt-devel:rhel security, bug fix, and enhancement update
2023-11-18 00:00:00
qemu security update
2023-09-22 00:00:00
qemu security update
2023-09-22 00:00:00
ubuntu
ubuntu
QEMU vulnerabilities
2024-01-08 00:00:00
ics
ics
Siemens SCALANCE XCM-/XRM-300
2024-02-15 12:00:00