7.5

CVE-2024-7409

Qemu: denial of service via improper synchronization in qemu nbd server during socket closure

A flaw was found in the QEMU NBD Server. This vulnerability allows a denial of service (DoS) attack via improper synchronization during socket closure when a client keeps a socket open as the server is taken offline.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
Collection URLhttps://github.com/qemu/qemu
Paket qemu
Default Statusunknown
Version 7.2.0
Status unaffected
Version 8.2.0
Status unaffected
Version 9.0.0
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8
Default Statusaffected
Version 8100020240905091210.489197e6
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8
Default Statusaffected
Version 8100020240905091210.489197e6
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 9
Default Statusaffected
Version 17:9.0.0-10.el9_5
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 9.2 Extended Update Support
Default Statusaffected
Version 17:7.2.0-14.el9_2.14
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 9.4 Extended Update Support
Default Statusaffected
Version 17:8.2.0-11.el9_4.8
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat OpenShift Container Platform 4.13
Default Statusaffected
Version 413.92.202411212100-0
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat OpenShift Container Platform 4.13
Default Statusaffected
Version 413.92.202409180051-0
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat OpenShift Container Platform 4.14
Default Statusaffected
Version 414.92.202411130444-0
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat OpenShift Container Platform 4.15
Default Statusaffected
Version 415.92.202409162258-0
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat OpenShift Container Platform 4.15
Default Statusaffected
Version 415.92.202411050056-0
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat OpenShift Container Platform 4.16
Default Statusaffected
Version 416.94.202411261619-0
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat OpenShift Container Platform 4.17
Default Statusaffected
Version 417.94.202411261220-0
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 10
Default Statusunaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 6
Default Statusunknown
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 7
Default Statusunknown
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 7
Default Statusunknown
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8 Advanced Virtualization
Default Statusaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8 Advanced Virtualization
Default Statusaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8 Advanced Virtualization
Default Statusaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8 Advanced Virtualization
Default Statusaffected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.03% 0.591
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
secalert@redhat.com 7.5 3.9 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-662 Improper Synchronization

The product utilizes multiple threads, processes, components, or systems to allow temporary access to a shared resource that can only be exclusive to one process at a time, but it does not properly synchronize these actions, which might cause simultaneous accesses of this resource by multiple threads or processes.

https://access.redhat.com/errata/RHSA-2024:6964
https://access.redhat.com/errata/RHSA-2024:6818
https://access.redhat.com/errata/RHSA-2024:10518
https://access.redhat.com/errata/RHSA-2024:10528
https://access.redhat.com/errata/RHSA-2024:10813
https://access.redhat.com/errata/RHSA-2024:6811
https://access.redhat.com/errata/RHSA-2024:7408
https://access.redhat.com/errata/RHSA-2024:8991
https://access.redhat.com/errata/RHSA-2024:9136
https://access.redhat.com/errata/RHSA-2024:9620
https://access.redhat.com/errata/RHSA-2024:9912
https://access.redhat.com/security/cve/CVE-2024-7409
https://bugzilla.redhat.com/show_bug.cgi?id=2302487
https://security.netapp.com/advisory/ntap-20250502-0008/
https://lists.debian.org/debian-lts-announce/2025/09/msg00011.html