Vulnerability CVE-2024-3446: Information
Description
A double free vulnerability was found in QEMU virtio devices (virtio-gpu, virtio-serial-bus, virtio-crypto), where the mem_reentrancy_guard flag insufficiently protects against DMA reentrancy issues. This issue could allow a malicious privileged guest user to crash the QEMU process on the host, resulting in a denial of service, or to execute arbitrary code within the context of the QEMU process on the host.
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
qemu | sisyphus | 8.2.3-alt1 | 8.2.4-alt1 | ALT-PU-2024-7560-2 | 347599 | Fixed |
qemu | sisyphus_loongarch64 | 8.2.3-alt1 | 8.2.3-alt1 | ALT-PU-2024-7731-1 | - | Fixed |
qemu | p11 | 8.2.3-alt1 | 8.2.3-alt1 | ALT-PU-2024-7560-2 | 347599 | Fixed |