CVE-2023-42467 in QEMU

Summary

by MITRE • 09/11/2023

QEMU through 8.0.0 could trigger a division by zero in scsi_disk_reset in hw/scsi/scsi-disk.c because scsi_disk_emulate_mode_select does not prevent s->qdev.blocksize from being 256. This stops QEMU and the guest immediately.


Analysis

by VulDB Data Team • 02/02/2026

The vulnerability CVE-2023-42467 represents a critical division by zero error in the QEMU virtual machine emulator that affects versions through 8.0.0. This flaw exists within the SCSI disk emulation subsystem, specifically in the scsi_disk_reset function located in hw/scsi/scsi-disk.c. The issue arises from an insufficient validation mechanism that fails to properly handle block size parameters during SCSI mode selection operations. When a guest operating system attempts to configure SCSI disk parameters through mode selection commands, the system does not adequately validate that the block size value remains within acceptable bounds, creating a scenario where s->qdev.blocksize can be set to 256, which subsequently triggers the division by zero condition.

The technical execution of this vulnerability occurs when the scsi_disk_emulate_mode_select function processes incoming SCSI mode selection commands without proper validation of the block size parameter. This function fails to prevent the block size from being set to 256, which then causes a division by zero error when the scsi_disk_reset function attempts to perform calculations using this invalid block size value. The division by zero occurs because the reset calculation divides by a value derived from the block size, and that divisor evaluates to zero when the block size is 256. This fundamental flaw in input validation creates an immediate crash condition that terminates both the QEMU emulator and the guest operating system, effectively causing a denial of service against virtualized environments.

The operational impact of this vulnerability extends beyond simple denial of service, as it represents a critical stability issue that can be exploited by malicious actors to disrupt virtualized computing environments. When exploited, the vulnerability causes immediate system termination without proper error handling or graceful degradation, potentially leading to data loss or service interruption in production virtualized environments. The flaw affects any system running QEMU versions through 8.0.0 that utilizes SCSI disk emulation, making it particularly concerning for cloud providers, data centers, and organizations relying on virtualization technologies. This vulnerability directly maps to CWE-369: Division by Zero, which is categorized under the weakness type of input validation failures in the Common Weakness Enumeration system. The impact severity is compounded by the fact that this issue can be triggered through standard SCSI mode selection commands that are commonly used in normal operating conditions.

From an attack perspective, this vulnerability aligns with ATT&CK technique T1499.001: Endpoint Denial of Service, where adversaries can exploit system instability to cause service disruption. The vulnerability does not require elevated privileges to trigger, making it particularly dangerous as it can be exploited by unprivileged users within the guest operating system. Organizations using QEMU for virtualization must consider this vulnerability as a critical threat to their infrastructure stability, as it can be leveraged to create persistent denial of service conditions against virtual machines. The exploitability of this vulnerability is high due to the common usage of SCSI disk operations in virtualized environments, and the low complexity required to trigger the condition through standard SCSI commands.

The recommended mitigations for this vulnerability include immediate upgrading to QEMU versions that have patched this division by zero error, specifically versions beyond 8.0.0 where the scsi_disk_emulate_mode_select function properly validates block size parameters. System administrators should also implement monitoring solutions to detect unusual SCSI disk operations that might indicate exploitation attempts. Additionally, organizations should consider implementing virtual machine isolation measures and limiting guest operating system access to potentially problematic SCSI operations where possible. The patch for this vulnerability would typically involve adding proper validation checks within the scsi_disk_emulate_mode_select function to ensure that s->qdev.blocksize values remain within acceptable ranges, preventing the invalid value of 256 from being set and subsequently causing the division by zero error.
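The flaw and the validation fix described in this analysis, as an added simplified C model (it is not QEMU's source and not part of the original entry). The struct, function and macro names are hypothetical; the model assumes the reset path scales the sector count by blocksize / 512 with integer division and that the mode-select check is a bit mask on the requested size.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define SECTOR_SIZE   512u    /* assumed backend sector unit */
#define MASK_WEAK     0xff00u /* multiples of 256 allowed, so 256 itself passes */
#define MASK_HARDENED 0xfe00u /* bit 8 cleared: nothing below one sector passes */

/* Hypothetical stand-in for the emulated disk state; not QEMU's struct. */
struct disk_model { uint32_t blocksize; };

/* Mode-select style update: store bs only if it is non-zero and fits the mask. */
static bool mode_select(struct disk_model *d, uint32_t bs, uint32_t mask)
{
    if (bs == 0 || (bs & ~mask)) return false;
    d->blocksize = bs;
    return true;
}

/* Reset-time capacity calculation; reports the zero divisor instead of trapping. */
static bool reset_max_lba(const struct disk_model *d, uint64_t nb_sectors, uint64_t *max_lba)
{
    uint32_t divisor = d->blocksize / SECTOR_SIZE; /* 256 / 512 == 0 */
    if (divisor == 0) return false; /* unchecked, this is a divide-by-zero fault */
    nb_sectors /= divisor;
    *max_lba = nb_sectors ? nb_sectors - 1 : 0;
    return true;
}

/* 0 = request rejected, 1 = accepted and reset is safe, -1 = accepted, reset would fault. */
static int try_blocksize(uint32_t bs, uint32_t mask)
{
    struct disk_model d = { .blocksize = 512 };
    uint64_t max_lba;
    if (!mode_select(&d, bs, mask)) return 0;
    return reset_max_lba(&d, 1u << 21, &max_lba) ? 1 : -1; /* constructed 1 GiB disk */
}

int main(void)
{
    const uint32_t sizes[] = { 256, 512, 768, 4096 }; /* constructed sample requests */
    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++)
        printf("bs=%u weak=%d hardened=%d\n", sizes[i],
               try_blocksize(sizes[i], MASK_WEAK), try_blocksize(sizes[i], MASK_HARDENED));
    return 0;
}
```

The stricter mask also rejects sizes such as 768 that are not whole multiples of 512; the reset-time guard is a second layer in case another path ever stores a sub-sector block size.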

Reservation

09/11/2023

Disclosure

09/11/2023

Moderation

accepted

CPE

ready

EPSS

0.00376

KEV

no

Activities

very low
