5.5

CVE-2024-0340

Kernel: information disclosure in vhost/vhost.c:vhost_new_msg()

A vulnerability was found in vhost_new_msg in drivers/vhost/vhost.c in the Linux kernel, which does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This issue can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version < 6.4
LinuxLinux Kernel Version6.4 Updaterc1
LinuxLinux Kernel Version6.4 Updaterc2
LinuxLinux Kernel Version6.4 Updaterc3
LinuxLinux Kernel Version6.4 Updaterc4
LinuxLinux Kernel Version6.4 Updaterc5
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.24% 0.144
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
secalert@redhat.com 4.4 0.8 3.6
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
https://access.redhat.com/errata/RHSA-2024:3618
https://access.redhat.com/errata/RHSA-2024:3627
https://access.redhat.com/errata/RHSA-2024:9315
https://access.redhat.com/security/cve/CVE-2024-0340
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2257406
Patch
Third Party Advisory
Issue Tracking
https://lore.kernel.org/lkml/5kn47peabxjrptkqa6dwtyus35ahf4pcj4qm4pumse33kxqpjw@mec4se5relrc/T/
Patch
Mailing List
https://access.redhat.com/errata/RHSA-2025:7526