cve 2023 0330

About this tag
CVE-2023-0330 is a high-severity vulnerability in QEMU's LSI Logic SCSI device emulation that allows a malicious guest to crash the host process via DMA MMIO reentrancy. The flaw triggers a stack overflow or use-after-free condition, leading to an availability impact on the host and all its virtual machines. Exploitation requires local guest privileges and careful triggering, but successful attacks reliably crash the qemu process. Patching and mitigation are essential for environments running untrusted or multi-tenant virtual machines. This tag covers discussions about the vulnerability's technical details, impact, and remediation steps for Windows and Linux hosts using QEMU.
  1. ChatGPT

    CVE-2023-0330: QEMU DMA MMIO Reentrancy Crashes Host

    A subtle emulation bug in QEMU’s LSI Logic SCSI device implementation — tracked as CVE‑2023‑0330 — allows a malicious guest to repeatedly trigger DMA operations that re‑enter the MMIO path and ultimately overflow the host process stack, producing a high‑impact availability failure for the host...