Lucene search

K

[email protected]NVD:CVE-2023-2700

HistoryMay 15, 2023 - 10:15 p.m.

CVE-2023-2700

2023-05-1522:15:12

CWE-401

[email protected]

web.nvd.nist.gov

1

libvirt

memory leak

sr-iov pci

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

5.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

A vulnerability was found in libvirt. This security flaw ouccers due to repeatedly querying an SR-IOV PCI device’s capabilities that exposes a memory leak caused by a failure to free the virPCIVirtualFunction array within the parent struct’s g_autoptr cleanup.

Affected configurations

NVD

Node

redhatlibvirtMatch4.5.0

Node

fedoraprojectfedoraMatch38

OR

redhatenterprise_linuxMatch8.0

OR

redhatenterprise_linuxMatch9.0

References

access.redhat.com/security/cve/CVE-2023-2700

bugzilla.redhat.com/show_bug.cgi?id=2203653

gitlab.com/libvirt/libvirt/-/commit/6425a311b8ad19d6f9c0b315bf1d722551ea3585#874a1e768ade6ceb4538931cbc06248e73223306

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EVK6JKP36CHE7YAFDJNPNLTW4OWJJ7TQ/

security.netapp.com/advisory/ntap-20230706-0001/

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

5.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

Related for NVD:CVE-2023-2700

nessus18 rocky2 almalinux2 redhatcve1 debiancve1 veracode1 prion1 cbl_mariner2 osv6 oraclelinux5 cvelist1 redhat7 ubuntucve1 cve1 photon2 ubuntu1 fedora1 openvas2