Back to bug 2215784
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Mauro Matteo Cascella | 2023-06-18 17:02:39 UTC | CC | security-response-team | |
| Mauro Matteo Cascella | 2023-06-18 17:18:34 UTC | Doc Text | A flaw was found in QEMU. The async nature of the hot-unplug enables a race scenario where the net device backend is cleared before the virtio-net pci frontend has been unplugged. A malicious guest could use this time window to trigger an assertion and cause a denial of service. | |
| Mauro Matteo Cascella | 2023-06-18 17:19:46 UTC | Depends On | 2215787, 2215786, 2215788 | |
| Paige Jung | 2023-06-19 14:25:23 UTC | Doc Text | A flaw was found in QEMU. The async nature of the hot-unplug enables a race scenario where the net device backend is cleared before the virtio-net pci frontend has been unplugged. A malicious guest could use this time window to trigger an assertion and cause a denial of service. | A flaw was found in QEMU. The async nature of hot-unplug enables a race scenario where the net device backend is cleared before the virtio-net pci frontend has been unplugged. A malicious guest could use this time window to trigger an assertion and cause a denial of service. |
| Red Hat Bugzilla | 2023-07-07 08:35:03 UTC | Assignee | security-response-team | nobody |
| CC | security-response-team | security-response-team | ||
| Mauro Matteo Cascella | 2023-08-01 13:05:40 UTC | CC | eglynn, jjoyce, jschluet, lhh, mburns, mgarciac, mkenneth, pgrist, virt-maint | |
| Group | qe_staff, security | |||
| Summary | EMBARGOED CVE-2023-3301 QEMU: net: triggerable assertion due to race condition in hot-unplug | CVE-2023-3301 QEMU: net: triggerable assertion due to race condition in hot-unplug | ||
| Mauro Matteo Cascella | 2023-08-01 13:09:36 UTC | Depends On | 2228125 | |
| Mauro Matteo Cascella | 2023-08-01 13:13:01 UTC | Fixed In Version | qemu 8.1.0-rc0 |
Back to bug 2215784