Unrated severityNVD Advisory· Published Jan 2, 2024· Updated Feb 25, 2026
Qemu: virtio-net: stack buffer overflow in virtio_net_flush_tx()
CVE-2023-6693
Description
A stack based buffer overflow was found in the virtio-net device of QEMU. This issue occurs when flushing TX in the virtio_net_flush_tx function if guest features VIRTIO_NET_F_HASH_REPORT, VIRTIO_F_VERSION_1 and VIRTIO_NET_F_MRG_RXBUF are enabled. This could allow a malicious user to overwrite local variables allocated on the stack. Specifically, the out_sg variable could be used to read a part of process memory and send it to the wire, causing an information leak.
Affected products
13- Red Hat/Red Hat Enterprise Linux 8 Advanced Virtualizationv5cpe:/a:redhat:advanced_virtualization:8::el8
cpe:/a:redhat:enterprise_linux:8::appstream+ 3 more
- cpe:/a:redhat:enterprise_linux:8::appstreamrange: 8100020240314161907.e155f54d
- cpe:/a:redhat:enterprise_linux:9::appstreamrange: 17:9.0.0-10.el9_5.3
- cpe:/o:redhat:enterprise_linux:6
- cpe:/o:redhat:enterprise_linux:7
- osv-coords8 versionspkg:rpm/opensuse/qemu&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/qemu&distro=openSUSE%20Tumbleweedpkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Micro%205.5pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP5pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP5pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5
< 7.1.0-150500.49.12.1+ 7 more
- (no CPE)range: < 7.1.0-150500.49.12.1
- (no CPE)range: < 8.2.1-1.1
- (no CPE)range: < 7.1.0-150500.49.12.1
- (no CPE)range: < 7.1.0-150500.49.12.1
- (no CPE)range: < 7.1.0-150500.49.12.1
- (no CPE)range: < 7.1.0-150500.49.12.1
- (no CPE)range: < 3.1.1.1-75.1
- (no CPE)range: < 3.1.1.1-75.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- access.redhat.com/errata/RHSA-2024:2962mitrevendor-advisoryx_refsource_REDHAT
- access.redhat.com/errata/RHSA-2025:4492mitrevendor-advisoryx_refsource_REDHAT
- access.redhat.com/security/cve/CVE-2023-6693mitrevdb-entryx_refsource_REDHAT
- bugzilla.redhat.com/show_bug.cgimitreissue-trackingx_refsource_REDHAT
News mentions
0No linked articles in our index yet.