The QEMU flaw CVE-2021-3750 (bug 1999073) was declared fixed in Red Hat Enterprise Linux 9.1 via erratum RHSA-2022:7967, released on Nov 15, 2022: https://access.redhat.com/errata/RHSA-2022:7967 However, the erratum included a version of qemu-kvm that was actually missing the fix for CVE-2021-3750. The CVE-2023-2680 was assigned to this incomplete fix and it is specific to the qemu-kvm packages produced by Red Hat. This issue and CVE-ID is not applicable to any upstream QEMU version or QEMU packages of any other vendor that are not directly based on Red Hat Enterprise Linux packages. For more information about the original flaw, refer to the CVE page or bug linked above.
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:6368 https://access.redhat.com/errata/RHSA-2023:6368