Vulnerability Details CVE-2023-0330
A vulnerability in the lsi53c895a device affects the latest version of qemu. A DMA-MMIO reentrancy problem may lead to memory corruption bugs like stack overflow or use-after-free.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 2.3%
CVSS Severity
CVSS v3 Score 5.3
References
- https://access.redhat.com/security/cve/CVE-2023-0330
- https://bugzilla.redhat.com/show_bug.cgi?id=2160151
- https://lists.debian.org/debian-lts-announce/2023/10/msg00006.html
- https://lists.nongnu.org/archive/html/qemu-devel/2023-01/msg03411.html
- https://access.redhat.com/security/cve/CVE-2023-0330
- https://bugzilla.redhat.com/show_bug.cgi?id=2160151
- https://lists.debian.org/debian-lts-announce/2023/10/msg00006.html
- https://lists.nongnu.org/archive/html/qemu-devel/2023-01/msg03411.html
Products affected by CVE-2023-0330
-
cpe:2.3:a:qemu:qemu:7.2.0
-
cpe:2.3:a:qemu:qemu:7.2.1
-
cpe:2.3:a:qemu:qemu:7.2.2
-
cpe:2.3:a:qemu:qemu:8.0.0
-
cpe:2.3:o:debian:debian_linux:10.0