What is CVE-2023-2680?

CVE-2023-2680 is a high-severity vulnerability in Fedora Extra Packages For Enterprise Linux, classified under Use After Free. CVSS score: 7.5/10. Published 2023-09-13.

How severe is CVE-2023-2680?

High severity. CVSS v3 base score is 7.5 out of 10.

Use After Free in Fedora Extra Packages For Enterprise Linux

CVE-2023-2680

This CVE exists because of an incomplete fix for CVE-2021-3750. More specifically, the qemu-kvm package as released for Red Hat Enterprise Linux 9.1 via RHSA-2022:7967 included a version of qemu-kvm that was actually missing the fix for CV…

Vulnerability class: Use-After-Free

EPSS: 0.000 (10.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H.

Affected products

Weakness classification (CWE)

CWE-416 — Use After Free

References

access.redhat.com/security/cve/CVE-2023-2680 (vdb-entry, x_refsource_REDHAT)
RHBZ#2203387 (issue-tracking, x_refsource_REDHAT)
security.netapp.com/advisory/ntap-20231116-0001/

Frequently asked questions

What is CVE-2023-2680?: CVE-2023-2680 is a high-severity vulnerability in Fedora Extra Packages For Enterprise Linux, classified under Use After Free. CVSS score: 7.5/10. Published 2023-09-13.
How severe is CVE-2023-2680?: High severity. CVSS v3 base score is 7.5 out of 10.