7.5

CVE-2024-7409

Qemu: denial of service via improper synchronization in qemu nbd server during socket closure

A flaw was found in the QEMU NBD Server. This vulnerability allows a denial of service (DoS) attack via improper synchronization during socket closure when a client keeps a socket open as the server is taken offline.
Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).
Collection URL https://github.com/qemu/qemu
Package qemu
Default Status unknown
Version 7.2.0
Status unaffected
Version 8.2.0
Status unaffected
Version 9.0.0
Status unaffected
Vendor Red Hat
Product Red Hat Enterprise Linux 8
Default Status affected
Version 8100020240905091210.489197e6
Version < *
Status unaffected
Vendor Red Hat
Product Red Hat Enterprise Linux 8
Default Status affected
Version 8100020240905091210.489197e6
Version < *
Status unaffected
Vendor Red Hat
Product Red Hat Enterprise Linux 9
Default Status affected
Version 17:9.0.0-10.el9_5
Version < *
Status unaffected
Vendor Red Hat
Product Red Hat Enterprise Linux 9.2 Extended Update Support
Default Status affected
Version 17:7.2.0-14.el9_2.14
Version < *
Status unaffected
Vendor Red Hat
Product Red Hat Enterprise Linux 9.4 Extended Update Support
Default Status affected
Version 17:8.2.0-11.el9_4.8
Version < *
Status unaffected
Vendor Red Hat
Product Red Hat OpenShift Container Platform 4.13
Default Status affected
Version 413.92.202411212100-0
Version < *
Status unaffected
Vendor Red Hat
Product Red Hat OpenShift Container Platform 4.13
Default Status affected
Version 413.92.202409180051-0
Version < *
Status unaffected
Vendor Red Hat
Product Red Hat OpenShift Container Platform 4.14
Default Status affected
Version 414.92.202411130444-0
Version < *
Status unaffected
Vendor Red Hat
Product Red Hat OpenShift Container Platform 4.15
Default Status affected
Version 415.92.202409162258-0
Version < *
Status unaffected
Vendor Red Hat
Product Red Hat OpenShift Container Platform 4.15
Default Status affected
Version 415.92.202411050056-0
Version < *
Status unaffected
Vendor Red Hat
Product Red Hat OpenShift Container Platform 4.16
Default Status affected
Version 416.94.202411261619-0
Version < *
Status unaffected
Vendor Red Hat
Product Red Hat OpenShift Container Platform 4.17
Default Status affected
Version 417.94.202411261220-0
Version < *
Status unaffected
Vendor Red Hat
Product Red Hat Enterprise Linux 10
Default Status unaffected
Vendor Red Hat
Product Red Hat Enterprise Linux 6
Default Status unknown
Vendor Red Hat
Product Red Hat Enterprise Linux 7
Default Status unknown
Vendor Red Hat
Product Red Hat Enterprise Linux 7
Default Status unknown
Vendor Red Hat
Product Red Hat Enterprise Linux 8 Advanced Virtualization
Default Status affected
Vendor Red Hat
Product Red Hat Enterprise Linux 8 Advanced Virtualization
Default Status affected
Vendor Red Hat
Product Red Hat Enterprise Linux 8 Advanced Virtualization
Default Status affected
Vendor Red Hat
Product Red Hat Enterprise Linux 8 Advanced Virtualization
Default Status affected
No warning was found for this CVE.
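EPSS Metrics

| Type | Source | Score | Percentile |
|------|--------|-------|------------|
| EPSS | FIRST.org | 1.7% | 0.824 |

CVSS Metrics

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|--------|------------|---------------|--------------|---------------|
| secalert@redhat.com | 7.5 | 3.9 | 3.6 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
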
CWE-662 Improper Synchronization

The product utilizes multiple threads or processes to allow temporary access to a shared resource that can only be exclusive to one process at a time, but it does not properly synchronize these actions, which might cause simultaneous accesses of this resource by multiple threads or processes.