CVE-2023-42467

Published: September 11, 2023Last modified: September 11, 2023

Description

QEMU through 8.0.0 could trigger a division by zero in scsi_disk_reset in hw/scsi/scsi-disk.c because scsi_disk_emulate_mode_select does not prevent s->qdev.blocksize from being 256. This stops QEMU and the guest immediately.

Severity score breakdown

Parameter	Value
Base score	5.5
Attack Vector	LOCAL
Attack complexity	LOW
Privileges required	LOW
User interaction	NONE
Scope	UNCHANGED
Confidentiality	NONE
Integrity impact	NONE
Availability impact	HIGH
Vector	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Status

Product	Release	Package	Status
Alpaquita Linux	23 LTS	qemu	Vulnerable (7.1.0-r4)
Alpaquita Linux	Stream	qemu	Vulnerable (8.0.2-r0)

References

https://gitlab.com/qemu-project/qemu/-/commit/7cfcc79b0ab800959716738aff9419f53fc68c9c
https://gitlab.com/qemu-project/qemu/-/issues/1813
https://gitlab.com/thuth/qemu/-/commit/3f91104484e5bf55b56d7e1b039a4a5a17d0c1a7
https://security.netapp.com/advisory/ntap-20231103-0005/

Alpaquita Cloud
Native Platform

Pricing

Alpaquita

Alpaquita Container

Liberica JDK

Liberica JDK 6&7

Liberica JDK for Embedded

Liberica JDK
Performance Edition

Liberica JDK with CRaC

Liberica Native Image Kit

Liberica Mission Control

Liberica Administration Center

Blog

Documentation

Download Liberica JDK

Download Liberica Native Image Kit

Download Alpaquita Linux

CVE-2023-42467

Description

Severity score breakdown

Status

References

Alpaquita Cloud Native Platform

Pricing

Alpaquita

Alpaquita Container

Liberica JDK

Liberica JDK 6&7

Liberica JDK for Embedded

Liberica JDKPerformance Edition

Liberica JDK with CRaC

Liberica Native Image Kit

Liberica Mission Control

Liberica Administration Center

Blog

Documentation

Download Liberica JDK

Download Liberica Native Image Kit

Download Alpaquita Linux

CVE-2023-42467

Description

Severity score breakdown

Status

References

Alpaquita Cloud
Native Platform

Liberica JDK
Performance Edition