CVE-2023-3301 - OpenCVE

A flaw was found in QEMU. The async nature of hot-unplug enables a race scenario where the net device backend is cleared before the virtio-net pci frontend has been unplugged. A malicious guest could use this time window to trigger an assertion and cause a denial of service.

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Redhat	Enterprise Linux
Qemu	Qemu

Configuration 1 [-]

cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*

References

Link	Resource
https://access.redhat.com/security/cve/CVE-2023-3301	Patch Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2215784	Issue Tracking Third Party Advisory
https://security.netapp.com/advisory/ntap-20231020-0008/	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2023-09-13T16:09:36.861Z

Updated: 2023-09-13T16:09:36.861Z

Reserved: 2023-06-17T16:48:21.977Z

Link: CVE-2023-3301

JSON object: View

NVD Information

Status : Modified

Published: 2023-09-13T17:15:10.063

Modified: 2023-11-07T04:18:25.307

Link: CVE-2023-3301

JSON object: View

Redhat Information

No data.

CWE

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-3301", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2023-06-17T16:48:21.977Z", "datePublished": "2023-09-13T16:09:36.861Z", "dateUpdated": "2023-09-13T16:09:36.861Z"}, "containers": {"cna": {"title": "Triggerable assertion due to race condition in hot-unplug", "metrics": [{"other": {"content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A flaw was found in QEMU. The async nature of hot-unplug enables a race scenario where the net device backend is cleared before the virtio-net pci frontend has been unplugged. A malicious guest could use this time window to trigger an assertion and cause a denial of service."}], "affected": [{"product": "qemu", "vendor": "n/a", "versions": [{"version": "8.1.0-rc0", "status": "unaffected"}]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "qemu-kvm", "defaultStatus": "unknown", "cpes": ["cpe:/o:redhat:enterprise_linux:6"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "qemu-kvm", "defaultStatus": "unknown", "cpes": ["cpe:/o:redhat:enterprise_linux:7"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "qemu-kvm-ma", "defaultStatus": "unknown", "cpes": ["cpe:/o:redhat:enterprise_linux:7"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "virt:rhel/qemu-kvm", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8 Advanced Virtualization", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "virt:av/qemu-kvm", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:advanced_virtualization:8::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "qemu-kvm", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:9"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "qemu-kvm-rhev", "defaultStatus": "unknown", "cpes": ["cpe:/a:redhat:openstack:13"]}, {"product": "Extra Packages for Enterprise Linux", "vendor": "Fedora", "collectionURL": "https://packages.fedoraproject.org/", "packageName": "qemu", "defaultStatus": "unaffected"}, {"product": "Fedora", "vendor": "Fedora", "collectionURL": "https://packages.fedoraproject.org/", "packageName": "qemu", "defaultStatus": "affected"}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2023-3301", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215784", "name": "RHBZ#2215784", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://security.netapp.com/advisory/ntap-20231020-0008/"}], "datePublic": "2023-06-19T00:00:00+00:00", "problemTypes": [{"descriptions": [{"cweId": "CWE-617", "description": "Reachable Assertion", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-362->CWE-617: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') leads to Reachable Assertion", "timeline": [{"lang": "en", "time": "2023-03-14T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2023-06-19T00:00:00+00:00", "value": "Made public."}], "credits": [{"lang": "en", "value": "This issue was discovered by Eugenio Perez Martin (Red Hat)."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2023-09-13T16:09:36.861Z"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*", "matchCriteriaId": "445665D6-88FF-45C2-BB87-34AB7A72A7BF", "versionEndIncluding": "8.0.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in QEMU. The async nature of hot-unplug enables a race scenario where the net device backend is cleared before the virtio-net pci frontend has been unplugged. A malicious guest could use this time window to trigger an assertion and cause a denial of service."}, {"lang": "es", "value": "Se encontr\u00f3 una falla en QEMU. La naturaleza as\u00edncrona de la desconexi\u00f3n en caliente permite un escenario de ejecuci\u00f3n en el que el backend del dispositivo de red se borra antes de que se haya desconectado el frontend pci de virtio-net. Un invitado malintencionado podr\u00eda utilizar esta ventana de tiempo para desencadenar una aserci\u00f3n y provocar una denegaci\u00f3n de servicio."}], "id": "CVE-2023-3301", "lastModified": "2023-11-07T04:18:25.307", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.1, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.1, "impactScore": 4.0, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2023-09-13T17:15:10.063", "references": [{"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2023-3301"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215784"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20231020-0008/"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-617"}], "source": "secalert@redhat.com", "type": "Secondary"}]}