Описание
hw/pci/pcie_sriov.c in QEMU through 10.0.3 has a migration state inconsistency, a related issue to CVE-2024-26327.
A flaw was found in QEMU. A migration state inconsistency within the pcie_sriov emulation code allows an attacker with adjacent network access to trigger unexpected behavior. This condition arises from a state mismatch during migration processes, which can potentially lead to resource exhaustion. The vulnerability allows for exploitation via a malformed migration data stream. This issue can result in a denial of service.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | qemu-kvm | Fix deferred | ||
| Red Hat Enterprise Linux 6 | qemu-kvm | Not affected | ||
| Red Hat Enterprise Linux 7 | qemu-kvm | Not affected | ||
| Red Hat Enterprise Linux 7 | qemu-kvm-ma | Not affected | ||
| Red Hat Enterprise Linux 8 | virt-devel:rhel/qemu-kvm | Not affected | ||
| Red Hat Enterprise Linux 8 | virt:rhel/qemu-kvm | Not affected | ||
| Red Hat Enterprise Linux 8 Advanced Virtualization | virt:8.2/qemu-kvm | Not affected | ||
| Red Hat Enterprise Linux 8 Advanced Virtualization | virt:av/qemu-kvm | Not affected | ||
| Red Hat Enterprise Linux 8 Advanced Virtualization | virt-devel:8.2/qemu-kvm | Not affected | ||
| Red Hat Enterprise Linux 9 | qemu-kvm | Not affected |
Показывать по
Дополнительная информация
Статус:
4.2 Medium
CVSS3
Связанные уязвимости
hw/pci/pcie_sriov.c in QEMU through 10.0.3 has a migration state inconsistency, a related issue to CVE-2024-26327.
hw/pci/pcie_sriov.c in QEMU through 10.0.3 has a migration state inconsistency, a related issue to CVE-2024-26327.
hw/pci/pcie_sriov.c in QEMU through 10.0.3 has a migration state incon ...
hw/pci/pcie_sriov.c in QEMU through 10.0.3 has a migration state inconsistency, a related issue to CVE-2024-26327.
4.2 Medium
CVSS3