
Cloud Vulnerability DB
A community-led vulnerabilities database
A stack-based buffer overflow vulnerability (CVE-2023-6693) was discovered in the virtio-net device of QEMU. The vulnerability was disclosed on January 2, 2024, affecting QEMU versions prior to 8.2.1. The issue occurs when flushing TX in the virtio_net_flush_tx function when specific guest features (VIRTIO_NET_F_HASH_REPORT, VIRTIO_F_VERSION_1, and VIRTIO_NET_F_MRG_RXBUF) are enabled (NVD, Red Hat Bugzilla).
The vulnerability occurs while copying data to mhdr, a local variable of type virtio_net_hdr_mrg_rxbuf, during the TX flushing process. When the specified guest features are enabled, n->guest_hdr_len is set to sizeof(struct virtio_net_hdr_v1_hash), which exceeds sizeof(virtio_net_hdr_mrg_rxbuf). The CVSS v3.1 base score is 5.3 (Medium) with the vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L (NVD).
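The size mismatch described above, as an added example that is not QEMU's code or its patch: the struct layouts and feature bit numbers follow the virtio specification, while guest_hdr_len_for, copy_guest_hdr, flush_tx_model and ADVISORY_FEATURES are hypothetical names for a simplified model that puts a bounds check in front of the copy.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Feature bit numbers from the virtio specification. */
#define VIRTIO_NET_F_MRG_RXBUF   15
#define VIRTIO_F_VERSION_1       32
#define VIRTIO_NET_F_HASH_REPORT 57
#define FEAT(bit) (1ULL << (bit))
#define ADVISORY_FEATURES (FEAT(VIRTIO_NET_F_HASH_REPORT) | \
    FEAT(VIRTIO_F_VERSION_1) | FEAT(VIRTIO_NET_F_MRG_RXBUF))

/* Header layouts from the virtio specification (v1_hash written out flat). */
struct virtio_net_hdr {
    uint8_t flags, gso_type;
    uint16_t hdr_len, gso_size, csum_start, csum_offset;
};
struct virtio_net_hdr_mrg_rxbuf { struct virtio_net_hdr hdr; uint16_t num_buffers; };
struct virtio_net_hdr_v1_hash {
    uint8_t flags, gso_type;
    uint16_t hdr_len, gso_size, csum_start, csum_offset, num_buffers;
    uint32_t hash_value; uint16_t hash_report, padding;
};

/* Simplified model (assumption): guest header length chosen from features. */
size_t guest_hdr_len_for(uint64_t f) {
    if (f & FEAT(VIRTIO_F_VERSION_1))
        return (f & FEAT(VIRTIO_NET_F_HASH_REPORT))
            ? sizeof(struct virtio_net_hdr_v1_hash) : sizeof(struct virtio_net_hdr_mrg_rxbuf);
    return (f & FEAT(VIRTIO_NET_F_MRG_RXBUF))
        ? sizeof(struct virtio_net_hdr_mrg_rxbuf) : sizeof(struct virtio_net_hdr);
}

/* Hypothetical hardened copy: refuse any length the destination cannot hold. */
int copy_guest_hdr(void *dst, size_t dst_size, const void *src, size_t len) {
    if (len > dst_size) return -1;
    memcpy(dst, src, len);
    return 0;
}

/* Copy a constructed guest header into an mhdr-sized local; -1 means rejected. */
int flush_tx_model(uint64_t features) {
    uint8_t guest_buf[sizeof(struct virtio_net_hdr_v1_hash)] = {0}; /* constructed input */
    struct virtio_net_hdr_mrg_rxbuf mhdr;
    return copy_guest_hdr(&mhdr, sizeof(mhdr), guest_buf, guest_hdr_len_for(features));
}

int main(void) { return flush_tx_model(ADVISORY_FEATURES) == -1 ? 0 : 1; }
```

With the three features from the advisory the header length is 20 bytes against a 12-byte mhdr, so the checked copy is refused instead of writing 8 bytes past the local variable.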
The vulnerability could allow a malicious user to overwrite local variables allocated on the stack. Specifically, the out_sg variable could be exploited to read parts of process memory and transmit it to the wire, resulting in information leakage. This could potentially lead to disclosure of sensitive information, modification of data, or denial of service (NetApp Advisory).
The vulnerability has been patched in QEMU version 8.2.1. The fix was implemented through an upstream patch and commit to the QEMU project. Users are advised to upgrade to the patched version. For Red Hat Enterprise Linux 8 users, the fix is available through RHSA-2024:2962 (Red Hat Bugzilla, Red Hat Advisory).
Source: This report was generated using AI