CVE-2023-6693
Description
A stack-based buffer overflow was found in the virtio-net device of QEMU. The issue occurs when flushing TX in the `virtio_net_flush_tx` function if the guest features `VIRTIO_NET_F_HASH_REPORT`, `VIRTIO_F_VERSION_1` and `VIRTIO_NET_F_MRG_RXBUF` are enabled. This could allow a malicious user to overwrite local variables allocated on the stack. Specifically, the `out_sg` variable could be used to read a part of process memory and send it to the wire, causing an information leak.
Mitigations
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2023-6693
Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2025:4492
Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2023-6693.html
Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2024:2962
Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2025:4492
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| rhel | 9 | fixed | |
| rocky | 8 | fixed | |
| sles | | affected | |
| rocky | 9 | fixed | |
| debian | bookworm | fixed | 1:7.2+dfsg-7+deb12u4 |
| debian | bullseye | fixed | 1:5.2+dfsg-11+deb11u4 |
| debian | forky | fixed | 1:8.2.0+ds-3 |
| debian | sid | fixed | 1:8.2.0+ds-3 |
| debian | trixie | fixed | 1:8.2.0+ds-3 |