Unrated severityNVD Advisory· Published Sep 13, 2023· Updated Feb 13, 2025

Triggerable assertion due to race condition in hot-unplug

CVE-2023-3301

Description

A flaw was found in QEMU. The async nature of hot-unplug enables a race scenario where the net device backend is cleared before the virtio-net pci frontend has been unplugged. A malicious guest could use this time window to trigger an assertion and cause a denial of service.

Affected products

N/a/Qemuv5
Range: 8.1.0-rc0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

access.redhat.com/security/cve/CVE-2023-3301mitrevdb-entryx_refsource_REDHAT
bugzilla.redhat.com/show_bug.cgimitreissue-trackingx_refsource_REDHAT
security.netapp.com/advisory/ntap-20231020-0008/mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000