CVE-2023-3019

MEDIUM

QEMU < 8.2.0 - Use-After-Free in e1000e NIC Emulation

Title source: llm
STIX 2.1

Description

A DMA reentrancy issue leading to a use-after-free error was found in the e1000e NIC emulation code in QEMU. This issue could allow a privileged guest user to crash the QEMU process on the host, resulting in a denial of service.

References (9)

Core 9
Core References
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:0135
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:0404
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:0569
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:2135
Third Party Advisory vdb-entry x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2023-3019
Issue Tracking, Patch, Third Party Advisory issue-tracking x_refsource_redhat
https://bugzilla.redhat.com/show_bug.cgi?id=2222351

Scores

CVSS v3 6.0
EPSS 0.0001
EPSS Percentile 2.7%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-416
Status published
Products (10)
qemu/qemu < 8.2.0
Red Hat/Red Hat Enterprise Linux 6
Red Hat/Red Hat Enterprise Linux 7
Red Hat/Red Hat Enterprise Linux 8 8090020231206155326.a75119d5
Red Hat/Red Hat Enterprise Linux 8 Advanced Virtualization
Red Hat/Red Hat Enterprise Linux 8.6 Extended Update Support 8060020231128234847.ad008a3a
Red Hat/Red Hat Enterprise Linux 8.8 Extended Update Support 8080020240116113044.63b34585
Red Hat/Red Hat Enterprise Linux 9 17:8.2.0-11.el9_4
redhat/enterprise_linux 8.0 (2 CPE variants)
redhat/enterprise_linux 9.0
Published Jul 24, 2023
Tracked Since Feb 18, 2026