Π›ΠΎΠ³ΠΎΡ‚ΠΈΠΏ exploitDog
Консоль
Π›ΠΎΠ³ΠΎΡ‚ΠΈΠΏ exploitDog

exploitDog

redhat Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2024-4467

ΠžΠΏΡƒΠ±Π»ΠΈΠΊΠΎΠ²Π°Π½ΠΎ: 02 июл. 2024
Π˜ΡΡ‚ΠΎΡ‡Π½ΠΈΠΊ: redhat
CVSS3: 7.8
EPSS Низкий

ОписаниС

A flaw was found in the QEMU disk image utility (qemu-img) 'info' command. A specially crafted image file containing a json:{} value describing block devices in QMP could cause the qemu-img process on the host to consume large amounts of memory or CPU time, leading to denial of service or read/write to an existing external file.

ΠžΡ‚Ρ‡Π΅Ρ‚

The impact of this vulnerability in OpenShift Virtualization is downgraded to Low due to the restrictions of the container environment it runs within. As a restricted user within the context of a restricted container, the external files that could be read or written to would already be accessible by an attacker and limited to within the container. CDI additionally uses memory and CPU limits to prevent uncontrolled resource consumption that could otherwise lead to a denial of service.

Π—Π°Ρ‚Ρ€ΠΎΠ½ΡƒΡ‚Ρ‹Π΅ ΠΏΠ°ΠΊΠ΅Ρ‚Ρ‹

ΠŸΠ»Π°Ρ‚Ρ„ΠΎΡ€ΠΌΠ°ΠŸΠ°ΠΊΠ΅Ρ‚Π‘ΠΎΡΡ‚ΠΎΡΠ½ΠΈΠ΅Π Π΅ΠΊΠΎΠΌΠ΅Π½Π΄Π°Ρ†ΠΈΡΠ Π΅Π»ΠΈΠ·
Red Hat Enterprise Linux 10qemu-kvmNot affected
Red Hat Enterprise Linux 6qemu-kvmNot affected
Red Hat Enterprise Linux 7qemu-kvmNot affected
Red Hat Enterprise Linux 7qemu-kvm-maNot affected
Red Hat Enterprise Linux 8 Advanced Virtualizationvirt:av/qemu-kvmAffected
Red Hat OpenShift Virtualization 4container-native-virtualization/virt-cdi-operator-rhel9Fix deferred
Advanced Virtualization for RHEL 8.2.1virtFixedRHSA-2024:472723.07.2024
Advanced Virtualization for RHEL 8.4.0.EUSvirtFixedRHSA-2024:472423.07.2024
Advanced Virtualization for RHEL 8.4.0.EUSvirt-develFixedRHSA-2024:472423.07.2024
Red Hat Enterprise Linux 8virt-develFixedRHSA-2024:442009.07.2024

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Бсылки Π½Π° источники

Π”ΠΎΠΏΠΎΠ»Π½ΠΈΡ‚Π΅Π»ΡŒΠ½Π°Ρ информация

Бтатус:

Important
Π”Π΅Ρ„Π΅ΠΊΡ‚:
CWE-20->CWE-200
Π”Π΅Ρ„Π΅ΠΊΡ‚:
CWE-400
https://bugzilla.redhat.com/show_bug.cgi?id=2278875qemu-kvm: 'qemu-img info' leads to host file read/write

EPSS

ΠŸΡ€ΠΎΡ†Π΅Π½Ρ‚ΠΈΠ»ΡŒ: 9%
0.00034
Низкий

7.8 High

CVSS3

БвязанныС уязвимости

ubuntu Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2024-4467

CVSS3: 7.8
ubuntu
большС 1 года назад

A flaw was found in the QEMU disk image utility (qemu-img) 'info' command. A specially crafted image file containing a `json:{}` value describing block devices in QMP could cause the qemu-img process on the host to consume large amounts of memory or CPU time, leading to denial of service or read/write to an existing external file.

nvd Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2024-4467

CVSS3: 7.8
nvd
большС 1 года назад

A flaw was found in the QEMU disk image utility (qemu-img) 'info' command. A specially crafted image file containing a `json:{}` value describing block devices in QMP could cause the qemu-img process on the host to consume large amounts of memory or CPU time, leading to denial of service or read/write to an existing external file.

msrc Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2024-4467

CVSS3: 7.8
msrc
7 мСсяцСв Π½Π°Π·Π°Π΄

ОписаниС отсутствуСт

debian Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2024-4467

CVSS3: 7.8
debian
большС 1 года назад

A flaw was found in the QEMU disk image utility (qemu-img) 'info' comm ...

suse-cvrf Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

SUSE-SU-2024:3396-1

suse-cvrf
ΠΎΠΊΠΎΠ»ΠΎ 1 Π³ΠΎΠ΄Π° Π½Π°Π·Π°Π΄

Security update for qemu

EPSS

ΠŸΡ€ΠΎΡ†Π΅Π½Ρ‚ΠΈΠ»ΡŒ: 9%
0.00034
Низкий

7.8 High

CVSS3

Π£ΡΠ·Π²ΠΈΠΌΠΎΡΡ‚ΡŒ CVE-2024-4467