CVE-2023-2700

Published: 15 May 2023

A vulnerability was found in libvirt. Repeatedly querying an SR-IOV PCI device's capabilities exposes a memory leak caused by a failure to free the virPCIVirtualFunction array within the parent struct's g_autoptr cleanup.

Notes

Author: mdeslaur
Note: looks like this was introduced in: c97518d9b833a607f29b9bb02e3fbe74c011c088

Priority

Medium

CVSS 3 Severity Score

5.5

Status

Package: libvirt (Launchpad, Ubuntu, Debian)

Release Status
bionic Not vulnerable (code not present)
focal Not vulnerable (code not present)
jammy Released (8.0.0-1ubuntu7.5)
kinetic Released (8.6.0-0ubuntu3.2)
lunar Released (9.0.0-2ubuntu1.1)
upstream Released (9.3.0)
trusty Not vulnerable (code not present)
xenial Not vulnerable (code not present)

Patches:
upstream: https://gitlab.com/libvirt/libvirt/-/commit/6425a311b8ad19d6f9c0b315bf1d722551ea3585

Severity score breakdown

Parameter Value
Base score 5.5
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Scope Unchanged
Confidentiality None
Integrity impact None
Availability impact High
Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H