CVE-2023-0330 - OpenCVE

A vulnerability in the lsi53c895a device affects the latest version of qemu. A DMA-MMIO reentrancy problem may lead to memory corruption bugs like stack overflow or use-after-free.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Debian	Debian Linux
Qemu	Qemu

Configuration 1 [-]

OR	cpe:2.3:a:qemu:qemu::::::::
	cpe:2.3:a:qemu:qemu:8.0.0:-::::::
	cpe:2.3:a:qemu:qemu:8.0.0:rc0::::::
	cpe:2.3:a:qemu:qemu:8.0.0:rc1::::::
	cpe:2.3:a:qemu:qemu:8.0.0:rc2::::::
	cpe:2.3:a:qemu:qemu:8.0.0:rc3::::::
	cpe:2.3:a:qemu:qemu:8.0.0:rc4::::::

Configuration 2 [-]

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://access.redhat.com/security/cve/CVE-2023-0330
https://bugzilla.redhat.com/show_bug.cgi?id=2160151
https://lists.debian.org/debian-lts-announce/2023/10/msg00006.html
https://lists.nongnu.org/archive/html/qemu-devel/2023-01/msg03411.html
https://nvd.nist.gov/vuln/detail/CVE-2023-0330
https://www.cve.org/CVERecord?id=CVE-2023-0330

History

No history.

MITRE

Status: PUBLISHED

Assigner: fedora

Published: 2023-03-06T00:00:00

Updated: 2024-08-02T05:10:55.143Z

Reserved: 2023-01-16T00:00:00

Link: CVE-2023-0330

Vulnrichment

Updated: 2024-08-02T05:10:55.143Z

NVD

Status : Modified

Published: 2023-03-06T23:15:11.457

Modified: 2024-04-19T14:15:07.850

Link: CVE-2023-0330

Redhat

Severity : Moderate

Publid Date: 2023-01-16T00:00:00Z

Links: CVE-2023-0330 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-0330", "assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "assignerShortName": "fedora", "dateUpdated": "2024-08-02T05:10:55.143Z", "dateReserved": "2023-01-16T00:00:00", "datePublished": "2023-03-06T00:00:00"}, "containers": {"cna": {"title": "Qemu: lsi53c895a: dma reentrancy issue leads to stack overflow", "metrics": [{"other": {"content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A vulnerability in the lsi53c895a device affects the latest version of qemu. A DMA-MMIO reentrancy problem may lead to memory corruption bugs like stack overflow or use-after-free."}], "affected": [{"versions": [{"status": "unaffected", "version": "8.1.0-rc0", "lessThan": "*", "versionType": "semver"}], "packageName": "qemu", "collectionURL": "https://gitlab.com/qemu-project/qemu", "defaultStatus": "affected"}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2023-0330", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2160151", "name": "RHBZ#2160151", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"name": "[debian-lts-announce] 20231005 [SECURITY] [DLA 3604-1] qemu security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00006.html"}, {"url": "https://lists.nongnu.org/archive/html/qemu-devel/2023-01/msg03411.html"}], "datePublic": "2023-01-16T00:00:00+00:00", "problemTypes": [{"descriptions": [{"cweId": "CWE-121", "description": "Stack-based Buffer Overflow", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-121: Stack-based Buffer Overflow", "timeline": [{"lang": "en", "time": "2022-09-01T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2023-01-16T00:00:00+00:00", "value": "Made public."}], "credits": [{"lang": "en", "value": "Red Hat would like to thank Zheyu Ma for reporting this issue."}], "providerMetadata": {"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "shortName": "fedora", "dateUpdated": "2024-04-19T13:34:09.530Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-0330", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-01T18:43:40.453199Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:27:29.654Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T05:10:55.143Z"}, "title": "CVE Program Container", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2023-0330", "tags": ["vdb-entry", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2160151", "name": "RHBZ#2160151", "tags": ["issue-tracking", "x_refsource_REDHAT", "x_transferred"]}, {"name": "[debian-lts-announce] 20231005 [SECURITY] [DLA 3604-1] qemu security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00006.html"}, {"url": "https://lists.nongnu.org/archive/html/qemu-devel/2023-01/msg03411.html", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2023-0330", "tags": ["vdb-entry", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2160151", "name": "RHBZ#2160151", "tags": ["issue-tracking", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00006.html", "name": "[debian-lts-announce] 20231005 [SECURITY] [DLA 3604-1] qemu security update", "tags": ["mailing-list", "x_transferred"]}, {"url": "https://lists.nongnu.org/archive/html/qemu-devel/2023-01/msg03411.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T05:10:55.143Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-0330", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-01T18:43:40.453199Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-01T18:44:14.313Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "Qemu: lsi53c895a: dma reentrancy issue leads to stack overflow", "credits": [{"lang": "en", "value": "Red Hat would like to thank Zheyu Ma for reporting this issue."}], "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}}], "affected": [{"versions": [{"status": "unaffected", "version": "8.1.0-rc0", "lessThan": "*", "versionType": "semver"}], "packageName": "qemu", "collectionURL": "https://gitlab.com/qemu-project/qemu", "defaultStatus": "affected"}], "timeline": [{"lang": "en", "time": "2022-09-01T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2023-01-16T00:00:00+00:00", "value": "Made public."}], "datePublic": "2023-01-16T00:00:00+00:00", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2023-0330", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2160151", "name": "RHBZ#2160151", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00006.html", "name": "[debian-lts-announce] 20231005 [SECURITY] [DLA 3604-1] qemu security update", "tags": ["mailing-list"]}, {"url": "https://lists.nongnu.org/archive/html/qemu-devel/2023-01/msg03411.html"}], "descriptions": [{"lang": "en", "value": "A vulnerability in the lsi53c895a device affects the latest version of qemu. A DMA-MMIO reentrancy problem may lead to memory corruption bugs like stack overflow or use-after-free."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-121", "description": "Stack-based Buffer Overflow"}]}], "providerMetadata": {"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "shortName": "fedora", "dateUpdated": "2024-04-19T13:34:09.530Z"}, "x_redhatCweChain": "CWE-121: Stack-based Buffer Overflow"}}, "cveMetadata": {"cveId": "CVE-2023-0330", "state": "PUBLISHED", "dateUpdated": "2024-08-02T05:10:55.143Z", "dateReserved": "2023-01-16T00:00:00", "assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "datePublished": "2023-03-06T00:00:00", "assignerShortName": "fedora"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*", "matchCriteriaId": "72474BA6-A129-4FF4-AFC2-4FA8E2C41522", "versionEndExcluding": "7.2.3", "versionStartIncluding": "7.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:qemu:qemu:8.0.0:-:*:*:*:*:*:*", "matchCriteriaId": "A4811446-5D11-4E60-ACF6-13032588117D", "vulnerable": true}, {"criteria": "cpe:2.3:a:qemu:qemu:8.0.0:rc0:*:*:*:*:*:*", "matchCriteriaId": "FEDCD75C-FA8E-4128-955B-E1492B0C384A", "vulnerable": true}, {"criteria": "cpe:2.3:a:qemu:qemu:8.0.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "62E291F3-5469-433B-A725-A1A4C421C55E", "vulnerable": true}, {"criteria": "cpe:2.3:a:qemu:qemu:8.0.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "73834774-A560-43C5-B1D5-F9F37B81B423", "vulnerable": true}, {"criteria": "cpe:2.3:a:qemu:qemu:8.0.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "71FAF71E-3DE5-4B90-92B4-12CCF74A4D69", "vulnerable": true}, {"criteria": "cpe:2.3:a:qemu:qemu:8.0.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "0561171B-A1FB-4E6D-B6BE-DF61F7F2254E", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the lsi53c895a device affects the latest version of qemu. A DMA-MMIO reentrancy problem may lead to memory corruption bugs like stack overflow or use-after-free."}], "id": "CVE-2023-0330", "lastModified": "2024-04-19T14:15:07.850", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.5, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 4.0, "source": "patrick@puiterwijk.org", "type": "Secondary"}]}, "published": "2023-03-06T23:15:11.457", "references": [{"source": "patrick@puiterwijk.org", "url": "https://access.redhat.com/security/cve/CVE-2023-0330"}, {"source": "patrick@puiterwijk.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2160151"}, {"source": "patrick@puiterwijk.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00006.html"}, {"source": "patrick@puiterwijk.org", "tags": ["Mailing List", "Patch"], "url": "https://lists.nongnu.org/archive/html/qemu-devel/2023-01/msg03411.html"}], "sourceIdentifier": "patrick@puiterwijk.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-121"}], "source": "patrick@puiterwijk.org", "type": "Secondary"}]}

{"acknowledgement": "Red Hat would like to thank Zheyu Ma for reporting this issue.", "bugzilla": {"description": "QEMU: lsi53c895a: DMA reentrancy issue leads to stack overflow", "id": "2160151", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2160151"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-121", "details": ["A vulnerability in the lsi53c895a device affects the latest version of qemu. A DMA-MMIO reentrancy problem may lead to memory corruption bugs like stack overflow or use-after-free."], "name": "CVE-2023-0330", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "qemu-kvm", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "qemu-kvm", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "qemu-kvm-ma", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "virt:rhel/qemu-kvm", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:advanced_virtualization:8::el8", "fix_state": "Not affected", "package_name": "virt:8.2/qemu-kvm", "product_name": "Red Hat Enterprise Linux 8 Advanced Virtualization"}, {"cpe": "cpe:/a:redhat:advanced_virtualization:8::el8", "fix_state": "Not affected", "package_name": "virt:av/qemu-kvm", "product_name": "Red Hat Enterprise Linux 8 Advanced Virtualization"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "qemu-kvm", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Not affected", "package_name": "qemu-kvm-rhev", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}], "public_date": "2023-01-16T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-0330\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-0330"], "statement": "The `qemu-kvm` packages as shipped with Red Hat Enterprise Linux and RHEL Advanced Virtualization are not affected by this issue, as the LSI53C895A device is not enabled.", "threat_severity": "Moderate"}