CVE-2023-2700

Publication date 15 May 2023

Last updated 24 July 2024

Ubuntu priority

Medium

Why this priority?

Cvss 3 Severity Score

5.5 · Medium

Score breakdown

A vulnerability was found in libvirt. This security flaw ouccers due to repeatedly querying an SR-IOV PCI device's capabilities that exposes a memory leak caused by a failure to free the virPCIVirtualFunction array within the parent struct's g_autoptr cleanup.

Read the notes from the security team

Status

Package Ubuntu Release Status
libvirt 23.04 lunar
Fixed 9.0.0-2ubuntu1.1
22.10 kinetic
Fixed 8.6.0-0ubuntu3.2
22.04 LTS jammy
Fixed 8.0.0-1ubuntu7.5
20.04 LTS focal
Not affected
18.04 LTS bionic
Not affected
16.04 LTS xenial
Not affected
14.04 LTS trusty
Not affected

Notes

mdeslaur

looks like this was introduced in: c97518d9b833a607f29b9bb02e3fbe74c011c088

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
libvirt

Severity score breakdown

Parameter Value
Base score 5.5 · Medium
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Scope Unchanged
Confidentiality None
Integrity impact None
Availability impact High
Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References

Related Ubuntu Security Notices (USN)

Other references