Dma reentrancy issue (incomplete fix for cve-2021-3750)
CVE-2023-2680

7.5HIGH

Key Information:

Vendor

Red Hat
Status
Qemu
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 8
Vendor
CVE Published:
13 September 2023

What is CVE-2023-2680?

The vulnerability arises from an incomplete implementation of a previous fix for an earlier CVE, specifically related to the QEMU-KVM package in Red Hat Enterprise Linux 9.1. The version released under RHSA-2022:7967 inadvertently lacked the necessary correction for a known vulnerability identified as CVE-2021-3750, exposing systems to potential risks associated with that flaw. Users of Red Hat Enterprise Linux 9.1 should be aware of this issue and consider taking appropriate measures to mitigate any potential security threats.

References

https://access.redhat.com/security/cve/CVE-2023-2680
vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2203387
issue-trackingx_refsource_REDHAT
https://security.netapp.com/advisory/ntap-20231116-0001/

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.