Vulnerability CVE-2024-3446: Information

Description

A double free vulnerability was found in QEMU virtio devices (virtio-gpu, virtio-serial-bus, virtio-crypto), where the mem_reentrancy_guard flag insufficiently protects against DMA reentrancy issues. This issue could allow a malicious privileged guest user to crash the QEMU process on the host, resulting in a denial of service or allow arbitrary code execution within the context of the QEMU process on the host.

URL: https://nvd.nist.gov/vuln/detail/CVE-2024-3446
Published: April 9, 2024
Modified: April 18, 2024
Error type identifier: CWE-415

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
qemusisyphus8.2.3-alt18.2.4-alt1ALT-PU-2024-7560-2347599Fixed
qemusisyphus_loongarch648.2.3-alt18.2.3-alt1ALT-PU-2024-7731-1-Fixed
qemup118.2.3-alt18.2.3-alt1ALT-PU-2024-7560-2347599Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://access.redhat.com/security/cve/CVE-2024-3446
    RHBZ#2274211
      https://patchew.org/QEMU/20240409105537.18308-1-philmd@linaro.org/
        VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
        Version: v24.5.3
        Back to top