CVE-2024-3446
Severity CVSS v4.0:
Pending analysis
Type:
CWE-415
Double Free
Publication date:
09/04/2024
Last modified:
02/05/2025
Description
A double free vulnerability was found in QEMU virtio devices (virtio-gpu, virtio-serial-bus, virtio-crypto), where the mem_reentrancy_guard flag insufficiently protects against DMA reentrancy issues. This issue could allow a malicious privileged guest user to crash the QEMU process on the host, resulting in a denial of service or allow arbitrary code execution within the context of the QEMU process on the host.
Impact
Base Score 3.x
8.20
Severity 3.x
HIGH
References to Advisories, Solutions, and Tools
- https://access.redhat.com/errata/RHSA-2024:6964
- https://access.redhat.com/security/cve/CVE-2024-3446
- https://bugzilla.redhat.com/show_bug.cgi?id=2274211
- https://patchew.org/QEMU/20240409105537.18308-1-philmd@linaro.org/
- https://access.redhat.com/security/cve/CVE-2024-3446
- https://bugzilla.redhat.com/show_bug.cgi?id=2274211
- https://patchew.org/QEMU/20240409105537.18308-1-philmd@linaro.org/
- https://security.netapp.com/advisory/ntap-20250502-0007/