Division by Zero Vulnerability in QEMU Affecting Disk Emulation
CVE-2023-42467

5.5 MEDIUM

Key Information:

Vendor: QEMU

CVE Published: 11 September 2023

What is CVE-2023-42467?

An issue has been detected in QEMU versions up to 8.0.0, where a division by zero can occur in the scsi_disk_reset function located in hw/scsi/scsi-disk.c. The vulnerability arises because the scsi_disk_emulate_mode_select function does not properly validate the block size, which allows s->qdev.blocksize to be set to 256. When this occurs, both QEMU and the guest operating system halt immediately, potentially impacting system availability and performance.
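
The arithmetic behind the crash, as an added example that is not QEMU's code or its fix: it assumes the reset path divides the block size by a 512-byte sector unit and then uses the result as a divisor, so a block size of 256 truncates to 0. The names disk_model, set_blocksize_checked, sectors_per_block and blocks_from_sectors are hypothetical, and the multiple-of-512 policy is this example's own choice.

```c
#include <stdint.h>
#include <stdio.h>

#define SECTOR_SIZE 512u   /* assumption: sector unit in bytes used by the divisor */

/* Hypothetical model of the device state; blocksize stands in for s->qdev.blocksize. */
struct disk_model {
    uint32_t blocksize;
};

/* Hardened setter: reject any size for which blocksize / SECTOR_SIZE would be
 * zero or inexact. Returns 0 on success, -1 if rejected (state is unchanged). */
int set_blocksize_checked(struct disk_model *d, uint32_t requested)
{
    if (requested < SECTOR_SIZE || requested % SECTOR_SIZE != 0)
        return -1;
    d->blocksize = requested;
    return 0;
}

/* Divisor a reset-style geometry calculation would use. */
uint32_t sectors_per_block(const struct disk_model *d)
{
    return d->blocksize / SECTOR_SIZE;   /* integer division: 256 / 512 == 0 */
}

/* Convert a sector count to a block count. Refuses a zero divisor instead of
 * trapping, as defence in depth behind the setter. Returns 0 or -1. */
int blocks_from_sectors(const struct disk_model *d, uint64_t nb_sectors, uint64_t *out)
{
    uint32_t div = sectors_per_block(d);
    if (div == 0)
        return -1;
    *out = nb_sectors / div;
    return 0;
}

int main(void)
{
    struct disk_model d = { 512 };
    uint64_t blocks = 0;

    printf("request 256: %d\n", set_blocksize_checked(&d, 256));    /* rejected */
    d.blocksize = 256;   /* what an unvalidated mode select would leave behind */
    printf("divisor with 256: %u\n", sectors_per_block(&d));
    printf("conversion: %d\n", blocks_from_sectors(&d, 2097152, &blocks));
    return 0;
}
```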



CVSS V3.1

Score: 5.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
