ROSA LABROSA-SA-2023-2302Advisory ROSA-SA-2023-2302
6.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
6.9 Medium
AI Score
Confidence
Low
1.7 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:S/C:P/I:N/A:N
0.0004 Low
EPSS
Percentile
14.9%
software: qemu 7.2.0
OS: ROSA-CHROME
package_evr_string: qemu-7.2.0-2.src.rpm
CVE-ID: CVE-2023-0330
BDU-ID: 2023-04834
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the lsi53c895a.c component of the QEMU hardware emulator is related to writing beyond buffer boundaries. Exploitation of the vulnerability could allow an attacker to cause a denial of service
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update qemu
CVE-ID: CVE-2023-4135
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: An error was detected in the nvme virtual device in QEMU for reading memory outside the heap. The QEMU process does not check the offset provided by the guest before calculating the host heap pointer, which is used to copy data back to the guest. An arbitrary memory heap may be exposed relative to the allocated buffer
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update qemu
Related
6.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
6.9 Medium
AI Score
Confidence
Low
1.7 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:S/C:P/I:N/A:N
0.0004 Low
EPSS
Percentile
14.9%