exploitDog

CVE-2023-2680

Published: 12 May 2023
Source: redhat
CVSS3: 7.5
EPSS: Low

Description

This CVE exists because of an incomplete fix for CVE-2021-3750. More specifically, the qemu-kvm package as released for Red Hat Enterprise Linux 9.1 via RHSA-2022:7967 included a version of qemu-kvm that was actually missing the fix for CVE-2021-3750.

Report

A user who installs or updates to Red Hat Enterprise Linux 9.1 would be vulnerable to CVE-2021-3750, even if it was declared fixed in the following advisory: https://access.redhat.com/errata/RHSA-2022:7967. The advisory provided updates for the qemu-kvm package, but did not actually include fixes for CVE-2021-3750. CVE-2023-2680 was assigned to this Red Hat specific issue, and it is not applicable to any upstream QEMU version or to QEMU packages of any other vendor that are not directly based on Red Hat Enterprise Linux packages. For more details about the original security flaw CVE-2021-3750, refer to the CVE page: https://access.redhat.com/security/cve/CVE-2021-3750.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | qemu-kvm | Not affected | | |
| Red Hat Enterprise Linux 7 | qemu-kvm | Not affected | | |
| Red Hat Enterprise Linux 7 | qemu-kvm-ma | Not affected | | |
| Red Hat Enterprise Linux 8 | virt:rhel/qemu-kvm | Not affected | | |
| Red Hat Enterprise Linux 8 Advanced Virtualization | virt:av/qemu-kvm | Not affected | | |
| Red Hat OpenStack Platform 13 (Queens) | qemu-kvm-rhev | Not affected | | |
| Red Hat Enterprise Linux 9 | qemu-kvm | Fixed | RHSA-2023:6368 | 07.11.2023 |

Additional information

Status: Moderate
Defect: CWE-416
https://bugzilla.redhat.com/show_bug.cgi?id=2203387 QEMU: hcd-ehci: DMA reentrancy issue (incomplete fix for CVE-2021-3750)

EPSS: 0.00029 (percentile: 6%, Low)

CVSS3: 7.5 High

Related vulnerabilities

CVSS3: 7.5
ubuntu
almost 2 years ago

This CVE exists because of an incomplete fix for CVE-2021-3750. More specifically, the qemu-kvm package as released for Red Hat Enterprise Linux 9.1 via RHSA-2022:7967 included a version of qemu-kvm that was actually missing the fix for CVE-2021-3750.

CVSS3: 7.5
nvd
almost 2 years ago

This CVE exists because of an incomplete fix for CVE-2021-3750. More specifically, the qemu-kvm package as released for Red Hat Enterprise Linux 9.1 via RHSA-2022:7967 included a version of qemu-kvm that was actually missing the fix for CVE-2021-3750.

CVSS3: 7.5
debian
almost 2 years ago

This CVE exists because of an incomplete fix for CVE-2021-3750. More s ...

CVSS3: 7.5
github
almost 2 years ago

This CVE exists because of an incomplete fix for CVE-2021-3750. More specifically, the qemu-kvm package as released for Red Hat Enterprise Linux 9.1 via RHSA-2022:7967 included a version of qemu-kvm that was actually missing the fix for CVE-2021-3750.

oracle-oval
more than 1 year ago

ELSA-2023-6368: qemu-kvm security, bug fix, and enhancement update (MODERATE)
