Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2024-6505

Опубликовано: 05 июл. 2024
Источник: debian
EPSS Низкий

Описание

A flaw was found in the virtio-net device in QEMU. When enabling the RSS feature on the virtio-net network card, the indirections_table data within RSS becomes controllable. Setting excessively large values may cause an index out-of-bounds issue, potentially resulting in heap overflow access. This flaw allows a privileged user in the guest to crash the QEMU process on the host.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
qemufixed1:9.0.2+ds-3package
qemufixed1:7.2+dfsg-7+deb12u8bookwormpackage
qemupostponedbullseyepackage

Примечания

  • https://bugzilla.redhat.com/show_bug.cgi?id=2295760

  • Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/f1595ceb9aad36a6c1da95bcb77ab9509b38822d (v9.1.0-rc1)

  • Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/44ef533498db5078c4432a3f1e160ed5539d7d29 (v8.2.7)

  • Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/d2476ced2e34b661dded77d8774955b5a90fbda4 (v7.2.14)

  • Introduced by: https://gitlab.com/qemu-project/qemu/-/commit/4474e37a5b3a616803f4570b542e8eede91e50d2 (v5.1.0-rc0)

EPSS

Процентиль: 29%
0.00102
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2024-6505

CVSS3: 6.8
ubuntu
около 1 года назад

A flaw was found in the virtio-net device in QEMU. When enabling the RSS feature on the virtio-net network card, the indirections_table data within RSS becomes controllable. Setting excessively large values may cause an index out-of-bounds issue, potentially resulting in heap overflow access. This flaw allows a privileged user in the guest to crash the QEMU process on the host.

redhat логотип

CVE-2024-6505

CVSS3: 6.8
redhat
около 1 года назад

A flaw was found in the virtio-net device in QEMU. When enabling the RSS feature on the virtio-net network card, the indirections_table data within RSS becomes controllable. Setting excessively large values may cause an index out-of-bounds issue, potentially resulting in heap overflow access. This flaw allows a privileged user in the guest to crash the QEMU process on the host.

nvd логотип

CVE-2024-6505

CVSS3: 6.8
nvd
около 1 года назад

A flaw was found in the virtio-net device in QEMU. When enabling the RSS feature on the virtio-net network card, the indirections_table data within RSS becomes controllable. Setting excessively large values may cause an index out-of-bounds issue, potentially resulting in heap overflow access. This flaw allows a privileged user in the guest to crash the QEMU process on the host.

msrc логотип

CVE-2024-6505

CVSS3: 6.8
msrc
4 месяца назад

Описание отсутствует

redos логотип

ROS-20241008-04

CVSS3: 6.8
redos
11 месяцев назад

Уязвимость qemu

EPSS

Процентиль: 29%
0.00102
Низкий