CVE-2024-3446

CVSS 3.1 Score 8.2 of 10 (high)

Details

Published Apr 9, 2024

Updated: Apr 18, 2024

CWE ID 415

Summary

CVE-2024-3446 is a vulnerability affecting QEMU virtio devices, including virtio-gpu, virtio-serial-bus, and virtio-crypto. The issue involves insufficient protection against DMA reentrancy in the mem_reentrancy_guard flag. This weakness allows a privileged guest user to reenter memory accesses, leading to a denial of service by crashing the QEMU process on the host. In more serious cases, this vulnerability could potentially enable arbitrary code execution within the context of the QEMU process on the host.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/vSTXgo
https://www.cve.org/CVERecord?id=CVE-2024-3446
https://nvd.nist.gov/vuln/detail/CVE-2024-3446

Back to Vulnerability Database

CVE-2024-3446

CVSS 3.1 Score 8.2 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations