cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-8612,https://securityvulnerability.io/vulnerability/CVE-2024-8612,"QEMU Vendor Flaw Affects virtio-scsi, virtio-blk, and virtio-crypto Devices","A vulnerability exists within QEMU, particularly affecting the virtio-scsi, virtio-blk, and virtio-crypto devices. This arises from a flaw in the virtqueue_push process where the size parameter can exceed the actual data size sent to the guest. Consequently, when the dma_memory_unmap function is invoked, it may erroneously call the address_space_write function to write back potentially sensitive information. This process can inadvertently expose uninitialized data from the bounce buffer, leading to an information leak that poses a security risk.",Red Hat,"Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8 Advanced Virtualization,Red Hat Enterprise Linux 9",3.8,LOW,0.0004299999854993075,false,false,false,false,,false,false,2024-09-20T18:15:00.000Z,0
CVE-2024-8354,https://securityvulnerability.io/vulnerability/CVE-2024-8354,QEMU Flaw May Allow Guest User to Crash Host and Cause Denial of Service,A flaw was found in QEMU. An assertion failure was present in the usb_ep_get() function in hw/net/core.c when trying to get the USB endpoint from a USB device. This flaw may allow a malicious unprivileged guest user to crash the QEMU process on the host and cause a denial of service condition.,Red Hat,"Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8 Advanced Virtualization,Red Hat Enterprise Linux 9",5.5,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-09-19T10:45:06.191Z,0
CVE-2024-8235,https://securityvulnerability.io/vulnerability/CVE-2024-8235,Crash of virtinterfaced Daemon Due to NULL Pointer Dereference,A flaw was found in libvirt. A refactor of the code fetching the list of interfaces for multiple APIs introduced a corner case on platforms where allocating 0 bytes of memory results in a NULL pointer. This corner case would lead to a NULL-pointer dereference and subsequent crash of virtinterfaced. This issue could allow clients connecting to the read-only socket to crash the virtinterfaced daemon.,Red Hat,"Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8 Advanced Virtualization,Red Hat Enterprise Linux 9",6.2,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2024-08-30T17:15:00.000Z,0
CVE-2024-7409,https://securityvulnerability.io/vulnerability/CVE-2024-7409,QEMU NBD Server Vulnerability: DoS Attack via Socket Closure,A flaw was found in the QEMU NBD Server. This vulnerability allows a denial of service (DoS) attack via improper synchronization during socket closure when a client keeps a socket open as the server is taken offline.,Red Hat,"Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9.2 Extended Update Support,Red Hat Openshift Container Platform 4.13,Red Hat Openshift Container Platform 4.15,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8 Advanced Virtualization,Red Hat Enterprise Linux 9",,,0.0004600000102072954,false,false,false,false,,false,false,2024-08-05T13:19:27.498Z,0
CVE-2024-7383,https://securityvulnerability.io/vulnerability/CVE-2024-7383,"libnbd TLS Verification Vulnerability Allows Man-in-the-Middle Attack","A security flaw exists in libnbd impacting the verification process of the NBD server's certificate during TLS connections. This weakness can lead to a man-in-the-middle attack, compromising the integrity and confidentiality of the NBD traffic. System administrators and users of affected Red Hat products should take immediate actions to apply the necessary updates to mitigate this vulnerability and secure their environments.",Red Hat,"Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 8 Advanced Virtualization",7.4,HIGH,0.0004400000034365803,false,false,false,false,,false,false,2024-08-05T13:19:13.933Z,0
CVE-2024-6505,https://securityvulnerability.io/vulnerability/CVE-2024-6505,Heap Overflow Vulnerability in QEMU's virtio-net Device,"A flaw was found in the virtio-net device in QEMU. When enabling the RSS feature on the virtio-net network card, the indirections_table data within RSS becomes controllable. Setting excessively large values may cause an index out-of-bounds issue, potentially resulting in heap overflow access. This flaw allows a privileged user in the guest to crash the QEMU process on the host.",Red Hat,"Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8 Advanced Virtualization,Red Hat Enterprise Linux 9",6.8,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-07-05T13:51:38.241Z,0
CVE-2024-4467,https://securityvulnerability.io/vulnerability/CVE-2024-4467,QEMU qemu-img Vulnerability: Memory or CPU Consumption Denial of Service,"A vulnerability exists in the QEMU disk image utility related to the 'info' command, where a specially crafted image file containing a specific JSON value can cause the qemu-img process to use an excessive amount of system resources. This behavior may result in resource exhaustion, potentially leading to a denial of service. The exploit can also enable unauthorized read/write access to existing external files on the host system, creating a significant security risk for affected environments.",Red Hat,"Advanced Virtualization For Rhel 8.2.1,Advanced Virtualization For Rhel 8.4.0.eus,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support,Red Hat Enterprise Linux 8.4 Telecommunications Update Service,Red Hat Enterprise Linux 8.4 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support,Red Hat Enterprise Linux 8.6 Telecommunications Update Service,Red Hat Enterprise Linux 8.6 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.8 Extended Update Support,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9.0 Update Services For SAP Solutions,Red Hat Enterprise Linux 9.2 Extended Update Support,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8 Advanced Virtualization,Red Hat Openshift Virtualization 4",7.8,HIGH,0.0004400000034365803,false,false,false,false,,false,false,2024-07-02T16:15:00.000Z,0
CVE-2024-4693,https://securityvulnerability.io/vulnerability/CVE-2024-4693,Guest-Triggerable Crash in QEMU Virtio PCI Bindings Could Lead to Host Crash,A flaw was found in the QEMU Virtio PCI Bindings (hw/virtio/virtio-pci.c). An improper release and use of the irqfd for vector 0 during the boot process leads to a guest triggerable crash via vhost_net_stop(). This flaw allows a malicious guest to crash the QEMU process on the host.,Red Hat,"Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8 Advanced Virtualization,Red Hat Enterprise Linux 9",5.5,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-05-14T15:44:00.000Z,0
CVE-2024-4418,https://securityvulnerability.io/vulnerability/CVE-2024-4418,Stack Use-After-Free Flaw in libvirt Allows Escape from Limited Access,"A race condition leading to a stack use-after-free flaw was found in libvirt. Due to a bad assumption in the virNetClientIOEventLoop() method, the `data` pointer to a stack-allocated virNetClientIOEventData structure ended up being used in the virNetClientIOEventFD callback while the data pointer's stack frame was concurrently being ""freed"" when returning from virNetClientIOEventLoop(). The 'virtproxyd' daemon can be used to trigger requests. If libvirt is configured with fine-grained access control, this issue, in theory, allows a user to escape their otherwise limited access. This flaw allows a local, unprivileged user to access virtproxyd without authenticating. Remote users would need to authenticate before they could access it.",Red Hat,"Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9.2 Extended Update Support,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8 Advanced Virtualization",6.2,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2024-05-08T03:03:05.135Z,0
CVE-2024-3567,https://securityvulnerability.io/vulnerability/CVE-2024-3567,QEMU Flaw Allows Malicious Guest to Crash QEMU and Cause Denial of Service,A flaw was found in QEMU. An assertion failure was present in the update_sctp_checksum() function in hw/net/net_tx_pkt.c when trying to calculate the checksum of a short-sized fragmented packet. This flaw allows a malicious guest to crash QEMU and cause a denial of service condition.,Red Hat,"Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8 Advanced Virtualization,Red Hat Enterprise Linux 9",5.5,MEDIUM,0.0004199999966658652,false,false,false,false,,false,false,2024-04-10T14:32:02.343Z,0
CVE-2024-3446,https://securityvulnerability.io/vulnerability/CVE-2024-3446,Double Free Vulnerability in QEMU Virtio Devices Could Lead to Denial of Service or Arbitrary Code Execution,"A double free vulnerability has been identified in QEMU's virtio devices, specifically affecting the virtio-gpu, virtio-serial-bus, and virtio-crypto components. This vulnerability arises from an insufficient safeguard in the mem_reentrancy_guard flag, which fails to adequately address Direct Memory Access (DMA) reentrancy issues. Exploitation of this vulnerability by a malicious privileged guest user could lead to a crash of the QEMU process on the host system. Additionally, it poses a risk of arbitrary code execution within the context of the QEMU process, potentially undermining the security integrity of the host environment.",Red Hat,"Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8 Advanced Virtualization,Red Hat Enterprise Linux 9",8.2,HIGH,0.00044999999227002263,false,false,false,false,,false,false,2024-04-09T19:34:45.646Z,0
CVE-2024-2494,https://securityvulnerability.io/vulnerability/CVE-2024-2494,Flaw in libvirt RPC Library APIs Allows Denial of Service Attack,"A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negative length check is performed by the C API entry points. Passing a negative length to the g_new0 function results in a crash due to the negative length being treated as a huge positive number. This flaw allows a local, unprivileged user to perform a denial of service attack by causing the libvirt daemon to crash.",Red Hat,"Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8 Advanced Virtualization",6.2,MEDIUM,0.0004600000102072954,false,false,false,false,,false,false,2024-03-21T13:39:08.847Z,0
CVE-2024-2496,https://securityvulnerability.io/vulnerability/CVE-2024-2496,"NULL pointer dereference flaw found in udevConnectListAllInterfaces() function, potentially leading to denial of service attack",A NULL pointer dereference flaw was found in the udevConnectListAllInterfaces() function in libvirt. This issue can occur when detaching a host interface while at the same time collecting the list of interfaces via virConnectListAllInterfaces API. This flaw could be used to perform a denial of service attack by causing the libvirt daemon to crash.,Red Hat,"Libvirt,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8 Advanced Virtualization,Red Hat Enterprise Linux 9,Fedora 39",,,0.00044999999227002263,false,false,false,false,,false,false,2024-03-18T12:54:17.647Z,0
CVE-2024-1441,https://securityvulnerability.io/vulnerability/CVE-2024-1441,Denial of Service Vulnerability in libvirt's udevListInterfacesByStatus() Function,"An off-by-one error flaw was found in the udevListInterfacesByStatus() function in libvirt when the number of interfaces exceeds the size of the `names` array. This issue can be reproduced by sending specially crafted data to the libvirt daemon, allowing an unprivileged client to perform a denial of service attack by causing the libvirt daemon to crash.",Red Hat,"Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8 Advanced Virtualization",5.5,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2024-03-11T13:37:54.724Z,0
CVE-2024-0646,https://securityvulnerability.io/vulnerability/CVE-2024-0646,Kernel: ktls overwrites readonly memory pages when using function splice with a ktls socket as destination,"The vulnerability arises from an out-of-bounds memory write flaw in the Linux kernel's Transport Layer Security (TLS) functionality, specifically during a user-initiated call to the splice function with a ktls socket as its destination. This flaw potentially allows a local user to crash the system or escalate their privileges, posing significant security risks to systems utilizing affected versions of the Linux kernel.",Red Hat,"Kernel,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8.2 Advanced Update Support,Red Hat Enterprise Linux 8.2 Telecommunications Update Service,Red Hat Enterprise Linux 8.2 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support,Red Hat Enterprise Linux 8.4 Telecommunications Update Service,Red Hat Enterprise Linux 8.4 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.6 Extended Update Support,Red Hat Enterprise Linux 8.8 Extended Update Support,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9.0 Extended Update Support,Red Hat Enterprise Linux 9.2 Extended Update Support,Red Hat Virtualization 4 For Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Fedora",7.8,HIGH,0.0004400000034365803,false,true,false,false,,false,false,2024-01-17T15:16:45.148Z,0
CVE-2023-6683,https://securityvulnerability.io/vulnerability/CVE-2023-6683,Qemu: vnc: null pointer dereference in qemu_clipboard_request(),"A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. The qemu_clipboard_request() function can be reached before vnc_server_cut_text_caps() was called and had the chance to initialize the clipboard peer, leading to a NULL pointer dereference. This could allow a malicious authenticated VNC client to crash QEMU and trigger a denial of service.",Red Hat,"Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8 Advanced Virtualization",6.5,MEDIUM,0.0008200000156648457,false,false,false,false,,false,false,2024-01-12T19:01:25.542Z,0
CVE-2023-7192,https://securityvulnerability.io/vulnerability/CVE-2023-7192,Kernel: refcount leak in ctnetlink_create_conntrack(),A memory leak problem was found in ctnetlink_create_conntrack in net/netfilter/nf_conntrack_netlink.c in the Linux Kernel. This issue may allow a local attacker with CAP_NET_ADMIN privileges to cause a denial of service (DoS) attack due to a refcount overflow.,Red Hat,"Red Hat Enterprise Linux 8.2 Advanced Update Support,Red Hat Enterprise Linux 8.2 Telecommunications Update Service,Red Hat Enterprise Linux 8.2 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support,Red Hat Enterprise Linux 8.4 Telecommunications Update Service,Red Hat Enterprise Linux 8.4 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.6 Extended Update Support,Red Hat Enterprise Linux 8.8 Extended Update Support,Red Hat Enterprise Linux 9.0 Extended Update Support,Red Hat Enterprise Linux 9.2 Extended Update Support,Red Hat Virtualization 4 For Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9",4.4,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2024-01-02T19:15:00.000Z,0
CVE-2023-6693,https://securityvulnerability.io/vulnerability/CVE-2023-6693,Qemu: virtio-net: stack buffer overflow in virtio_net_flush_tx(),"A stack based buffer overflow was found in the virtio-net device of QEMU. This issue occurs when flushing TX in the virtio_net_flush_tx function if guest features VIRTIO_NET_F_HASH_REPORT, VIRTIO_F_VERSION_1 and VIRTIO_NET_F_MRG_RXBUF are enabled. This could allow a malicious user to overwrite local variables allocated on the stack. Specifically, the `out_sg` variable could be used to read a part of process memory and send it to the wire, causing an information leak.",Red Hat,"Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8 Advanced Virtualization,Red Hat Enterprise Linux 9",4.9,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2024-01-02T10:15:00.000Z,0
CVE-2023-6546,https://securityvulnerability.io/vulnerability/CVE-2023-6546,Race Condition in GSM 0710 Tty Multiplexor Could Lead to Privilege Escalation,"A race condition vulnerability (CVE-2023-6546) has been identified in the GSM 0710 tty multiplexor in the Linux kernel, which could allow a local unprivileged user to escalate their privileges on the system. A proof-of-concept exploit for this vulnerability has been released, posing a high risk of a Linux system takeover. The exploitation of this vulnerability can lead to severe consequences, including unauthorized access, system compromise, and potential data breaches. It is crucial for affected organizations to upgrade to the fixed version (18.12.11) promptly to mitigate the risk.",Red Hat,"Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8.2 Advanced Update Support,Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support,Red Hat Enterprise Linux 8.4 Telecommunications Update Service,Red Hat Enterprise Linux 8.4 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.6 Extended Update Support,Red Hat Enterprise Linux 8.8 Extended Update Support,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9.0 Extended Update Support,Red Hat Enterprise Linux 9.2 Extended Update Support,Red Hat Virtualization 4 For Red Hat Enterprise Linux 8,Rhol-5.7-rhel-8,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7",7,HIGH,0.0012499999720603228,false,true,false,true,,false,false,2023-12-21T20:15:00.000Z,0
CVE-2023-2861,https://securityvulnerability.io/vulnerability/CVE-2023-2861,Qemu: 9pfs: improper access control on special files,"A vulnerability has been identified in QEMU's implementation of the 9p passthrough filesystem (9pfs). This flaw allows a malicious client to exploit the absence of restrictions on special file access on the host side. By creating and opening a device file within a shared folder, attackers can escape the intended boundaries of the exported 9p tree, potentially leading to unauthorized access to host resources. Organizations using affected versions of QEMU should evaluate their security posture and apply necessary updates.",Red Hat,"Qemu,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8 Advanced Virtualization,Red Hat Enterprise Linux 9,Extra Packages For Enterprise Linux,Fedora",7.1,HIGH,0.00044999999227002263,false,false,false,false,,false,false,2023-12-06T07:15:00.000Z,0
CVE-2023-5088,https://securityvulnerability.io/vulnerability/CVE-2023-5088,Qemu: improper ide controller reset can lead to mbr overwrite,"A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead (potentially overwriting the VM's boot code). This could be used, for example, by L2 guests with a virtual disk (vdiskL2) stored on a virtual disk of an L1 (vdiskL1) hypervisor to read and/or write data to LBA 0 of vdiskL1, potentially gaining control of L1 at its next reboot.",Red Hat,"Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8 Advanced Virtualization",6.4,MEDIUM,0.0004199999966658652,false,false,false,false,,false,false,2023-11-03T14:15:00.000Z,0
CVE-2023-5178,https://securityvulnerability.io/vulnerability/CVE-2023-5178,Kernel: use after free in nvmet_tcp_free_crypto in nvme,"A use-after-free vulnerability in the NVMe/TCP subsystem of the Linux kernel has been identified, specifically within the `nvmet_tcp_free_crypto` function. This vulnerability arises from a logical flaw, allowing an attacker to exploit the use-after-free and double-free conditions. Such an exploit may enable remote code execution or facilitate local privilege escalation, posing significant security risks to systems relying on this kernel functionality.",Red Hat,"Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8.2 Advanced Update Support,Red Hat Enterprise Linux 8.2 Telecommunications Update Service,Red Hat Enterprise Linux 8.2 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support,Red Hat Enterprise Linux 8.4 Telecommunications Update Service,Red Hat Enterprise Linux 8.4 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.6 Extended Update Support,Red Hat Enterprise Linux 8.8 Extended Update Support,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9.0 Extended Update Support,Red Hat Enterprise Linux 9.2 Extended Update Support,Red Hat Virtualization 4 For Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7",8.8,HIGH,0.05305999889969826,false,false,false,false,,false,false,2023-11-01T17:15:00.000Z,0
CVE-2023-5215,https://securityvulnerability.io/vulnerability/CVE-2023-5215,Libnbd: crash or misbehaviour when nbd server returns an unexpected block size,A flaw was found in libnbd. A server can reply with a block size larger than 2^63 (the NBD spec states the size is a 64-bit unsigned value). This issue could lead to an application crash or other unintended behavior for NBD clients that don't treat the return value of the nbd_get_size() function correctly.,Red Hat,"Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8 Advanced Virtualization",5.3,MEDIUM,0.0004900000058114529,false,false,false,false,,false,false,2023-09-28T14:15:00.000Z,0
CVE-2023-42753,https://securityvulnerability.io/vulnerability/CVE-2023-42753,Kernel: netfilter: potential slab-out-of-bound access due to integer underflow,"An array indexing vulnerability exists in the netfilter subsystem of the Linux kernel due to a missing macro, which can lead to miscalculation of the `h->nets` array offset. This flaw enables attackers to exploit memory buffer operations, resulting in potential local system crashes or privilege escalation.",Red Hat,"Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7.7 Advanced Update Support,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8.2 Advanced Update Support,Red Hat Enterprise Linux 8.2 Telecommunications Update Service,Red Hat Enterprise Linux 8.2 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support,Red Hat Enterprise Linux 8.4 Telecommunications Update Service,Red Hat Enterprise Linux 8.4 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.6 Extended Update Support,Red Hat Enterprise Linux 8.8 Extended Update Support,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9.0 Extended Update Support,Red Hat Enterprise Linux 9.2 Extended Update Support,Red Hat Virtualization 4 For Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 6",7,HIGH,0.0004400000034365803,false,false,false,false,,false,false,2023-09-25T21:15:00.000Z,0
CVE-2023-2680,https://securityvulnerability.io/vulnerability/CVE-2023-2680,Dma reentrancy issue (incomplete fix for cve-2021-3750),"The vulnerability arises from an incomplete implementation of a previous fix for an earlier CVE, specifically related to the QEMU-KVM package in Red Hat Enterprise Linux 9.1. The version released under RHSA-2022:7967 inadvertently lacked the necessary correction for a known vulnerability identified as CVE-2021-3750, exposing systems to potential risks associated with that flaw. Users of Red Hat Enterprise Linux 9.1 should be aware of this issue and consider taking appropriate measures to mitigate any potential security threats.",Red Hat,"qemu,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8 Advanced Virtualization,Red Hat Enterprise Linux 9,Red Hat OpenStack Platform 13 (Queens),Fedora,Extra Packages for Enterprise Linux",8.2,HIGH,0.0004199999966658652,false,false,false,false,,false,false,2023-09-13T17:15:00.000Z,0