CVE-2023-0330
Published Mar 6, 2023
Last updated 7 months ago
Overview
- Description
- A vulnerability in the lsi53c895a device affects the latest version of qemu. A DMA-MMIO reentrancy problem may lead to memory corruption bugs like stack overflow or use-after-free.
- Source
- patrick@puiterwijk.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 6
- Impact score
- 4
- Exploitability score
- 1.5
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
- Severity
- MEDIUM
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "72474BA6-A129-4FF4-AFC2-4FA8E2C41522",
"versionEndExcluding": "7.2.3",
"versionStartIncluding": "7.2.0"
},
{
"criteria": "cpe:2.3:a:qemu:qemu:8.0.0:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A4811446-5D11-4E60-ACF6-13032588117D"
},
{
"criteria": "cpe:2.3:a:qemu:qemu:8.0.0:rc0:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FEDCD75C-FA8E-4128-955B-E1492B0C384A"
},
{
"criteria": "cpe:2.3:a:qemu:qemu:8.0.0:rc1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "62E291F3-5469-433B-A725-A1A4C421C55E"
},
{
"criteria": "cpe:2.3:a:qemu:qemu:8.0.0:rc2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "73834774-A560-43C5-B1D5-F9F37B81B423"
},
{
"criteria": "cpe:2.3:a:qemu:qemu:8.0.0:rc3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "71FAF71E-3DE5-4B90-92B4-12CCF74A4D69"
},
{
"criteria": "cpe:2.3:a:qemu:qemu:8.0.0:rc4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0561171B-A1FB-4E6D-B6BE-DF61F7F2254E"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
}
],
"operator": "OR"
}
]
}
]