virt:rhel and virt-devel:rhel security, bug fix, and enhancement update

An update is available for seabios, swtpm, perl-Sys-Virt, module.supermin, module.libiscsi, module.libvirt-dbus, libvirt-dbus, module.swtpm, module.virt-v2v, module.sgabios, module.perl-Sys-Virt, libvirt-python, module.libvirt-python, netcf, module.netcf, module.seabios, module.libguestfs, hivex,...

Alibaba Cloud Linux 3 : 0021: virt:rhel and virt-devel:rhel (ALINUX3-SA-2024:0021)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2024:0021 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2021-3750: A DMA reentrancy issue was...

CBL Mariner 2.0 Security Update: qemu (CVE-2023-3301)

The version of qemu installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-3301 advisory. - A flaw was found in QEMU. The async nature of hot-unplug enables a race scenario where the net device backend i...

Azure Linux 3.0 Security Update: qemu (CVE-2023-3301)

The version of qemu installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-3301 advisory. - A flaw was found in QEMU. The async nature of hot-unplug enables a race scenario where the net device backend i...

CVE-2023-3301 affecting package qemu for versions less than 6.2.0-23

CVE-2023-3301 affecting package qemu for versions less than 6.2.0-23. A patched version of the package is available...

Advisory ROSA-SA-2025-2814

Software: qemu-kvm 6.2.0 OS: ROSA Virtualization 3.0 packageevrstring: qemu-kvm-6.2.0-53.rv30.2 CVE-ID: CVE-2021-3750 BDU-ID: 2024-04421 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the QEMU hardware emulator is related to a lack of checks to see if the buffer pointer overlaps with the MMIO...

Linux Distros Unpatched Vulnerability : CVE-2023-3301

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in QEMU. The async nature of hot-unplug enables a race scenario where the net device backend is cleared before the virtio-net pci frontend has...

Advisory ROSA-SA-2025-2641

Software: qemu 7.2.7 OS: ROSA-CHROME packageevrstring: qemu-7.2.7-1 CVE-ID: CVE-2023-3301 BDU-ID: 2024-04418 CVE-Crit: LOW CVE-DESC.: A vulnerability in the virtio-net interface of the QEMU hardware emulator is related to the asynchronous nature of the shutdown allowing a race scenario...

Ubuntu: Security Advisory (USN-6567-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-6567-2: QEMU regression

USN-6567-1 fixed vulnerabilities QEMU. The fix for CVE-2023-2861 was too restrictive and introduced a behaviour change leading to a regression in certain environments. This update fixes the problem. Original advisory details: Gaoning Pan and Xingwei Li discovered that QEMU incorrectly handled the...

CVE-2023-3301 affecting package qemu for versions less than 8.2.0-1

CVE-2023-3301 affecting package qemu for versions less than 8.2.0-1. An upgraded version of the package is available that resolves this issue...

openSUSE: Security Advisory for libyajl (SUSE-SU-2023:3301-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization 2.11.1 : qemu (EulerOS-SA-2023-3371)

According to the versions of the qemu package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in QEMU. The async nature of hot-unplug enables a race scenario where the net device backend is cleared before the...

Moderate: Red Hat Security Advisory: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update

An update for the virt:rhel and virt-devel:rhel modules is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

Oracle Linux 8 : kvm_utils3 (ELSA-2023-12855)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-12855 advisory. - storage: Fix returning of locked objects from 'virStoragePoolObjListSearch' Peter Krempa Orabug: 35644221 CVE-2023-3750 - virpci: Resolve leak in...

Oracle Linux 7 : qemu (ELSA-2023-12835)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-12835 advisory. - virtio-crypto: verify src&dst buffer length for sym request Zhenwei Pi Orabug: 35724113 CVE-2023-3180 - hw/scsi/lsi53c895a: Fix reentrancy issues in...

qemu security update

15:4.2.1-28.el7 - virtio-crypto: verify src&dst buffer length for sym request Zhenwei Pi Orabug: 35724113 CVE-2023-3180 - hw/scsi/lsi53c895a: Fix reentrancy issues in the LSI controller CVE-2023-0330 Thomas Huth Orabug: 35724112 CVE-2023-0330 - kvm: Atomic memslot updates David Hildenbrand Orabug...

CVE-2023-3301

creationtimestamp| type| source ---|---|--- 2023-09-13 20:23:54+00:00| seen| https://t.me/cibsecurity/70405 2025-09-05 09:50:30+00:00| seen| https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3ly3eytayuc72 2025-09-05 09:50:31+00:00| seen|...

BELL-CVE-2023-3301

Bulletin has no description...

CVE-2023-3301

A flaw was found in QEMU. The async nature of hot-unplug enables a race scenario where the net device backend is cleared before the virtio-net pci frontend has been unplugged. A malicious guest could use this time window to trigger an assertion and cause a denial of service...