Description

A double free vulnerability was found in QEMU virtio devices (virtio-gpu, virtio-serial-bus, virtio-crypto), where the mem_reentrancy_guard flag insufficiently protects against DMA reentrancy issues. This issue could allow a malicious privileged guest user to crash the QEMU process on the host, resulting in a denial of service or allow arbitrary code execution within the context of the QEMU process on the host.

INFO

Published Date :

2024-04-09T19:34:45.646Z

Last Modified :

2025-05-02T23:02:59.338Z

Source :

redhat
AFFECTED PRODUCTS

The following products are affected by CVE-2024-3446 vulnerability.

Vendors Products
Redhat
  • Advanced Virtualization
  • Enterprise Linux

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact