CVE-2024-4693

A flaw was found in the QEMU Virtio PCI Bindings (hw/virtio/virtio-pci.c). An improper release and use of the irqfd for vector 0 during the boot process leads to a guest triggerable crash via vhost_net_stop(). This flaw allows a malicious guest to crash the QEMU process on the host.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/security/cve/CVE-2024-4693
https://bugzilla.redhat.com/show_bug.cgi?id=2279965
https://access.redhat.com/security/cve/CVE-2024-4693
https://bugzilla.redhat.com/show_bug.cgi?id=2279965
https://security.netapp.com/advisory/ntap-20240828-0007/

Configurations

No configuration.

History

21 Nov 2024, 09:43

Type	Values Removed	Values Added
References		() https://security.netapp.com/advisory/ntap-20240828-0007/ -
References	~~() https://access.redhat.com/security/cve/CVE-2024-4693 -~~	() https://access.redhat.com/security/cve/CVE-2024-4693 -
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=2279965 -~~	() https://bugzilla.redhat.com/show_bug.cgi?id=2279965 -
Summary		(es) Se encontró una falla en los enlaces QEMU Virtio PCI (hw/virtio/virtio-pci.c). Una liberación y un uso inadecuados del irqfd para el vector 0 durante el proceso de arranque provocan un fallo desencadenable por el invitado a través de vhost_net_stop(). Esta falla permite que un invitado malintencionado bloquee el proceso QEMU en el host.

14 May 2024, 15:44

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-05-14 15:44

Updated : 2024-11-21 09:43

NVD link : CVE-2024-4693

Mitre link : CVE-2024-4693

CVE.ORG link : CVE-2024-4693

JSON object : View

Products Affected

No product.

CWE

CWE-672

Operation on a Resource after Expiration or Release

5.5 /10