cnvd - cnvd-2024-20282

cnvd-2024-20282

Vulnerability from cnvd

Title: QEMU资源管理错误漏洞（CNVD-2024-20282）

Description:

QEMU（Quick Emulator）是一套模拟处理器软件。该软件具有速度快、跨平台等特点。

QEMU virtio存在资源管理错误漏洞，该漏洞源于virtio-gpu、virtio-serial-bus、virtio-crypto中存在双重释放漏洞，mem_reentrancy_guard标志不足，攻击者可利用该漏洞使主机上的QEMU进程崩溃，从而导致拒绝服务或在主机上的QEMU进程上下文中执行任意代码。

Severity: 中

Patch Name: QEMU资源管理错误漏洞（CNVD-2024-20282）的补丁

Patch Description:

QEMU（Quick Emulator）是一套模拟处理器软件。该软件具有速度快、跨平台等特点。

Formal description:

目前厂商已发布升级补丁以修复漏洞，详情请关注厂商主页： https://patchew.org/QEMU/20240409105537.18308-1-philmd@linaro.org/

Reference: https://access.redhat.com/security/cve/CVE-2024-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2274211 https://patchew.org/QEMU/20240409105537.18308-1-philmd@linaro.org/ https://cxsecurity.com/cveshow/CVE-2024-3446/

Impacted products

Name
Qemu QEMU

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2024-3446",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2024-3446"
    }
  },
  "description": "QEMU\uff08Quick Emulator\uff09\u662f\u4e00\u5957\u6a21\u62df\u5904\u7406\u5668\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u5177\u6709\u901f\u5ea6\u5feb\u3001\u8de8\u5e73\u53f0\u7b49\u7279\u70b9\u3002\n\nQEMU virtio\u5b58\u5728\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8evirtio-gpu\u3001virtio-serial-bus\u3001virtio-crypto\u4e2d\u5b58\u5728\u53cc\u91cd\u91ca\u653e\u6f0f\u6d1e\uff0cmem_reentrancy_guard\u6807\u5fd7\u4e0d\u8db3\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4f7f\u4e3b\u673a\u4e0a\u7684QEMU\u8fdb\u7a0b\u5d29\u6e83\uff0c\u4ece\u800c\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u6216\u5728\u4e3b\u673a\u4e0a\u7684QEMU\u8fdb\u7a0b\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8be6\u60c5\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a\r\nhttps://patchew.org/QEMU/20240409105537.18308-1-philmd@linaro.org/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2024-20282",
  "openTime": "2024-04-18",
  "patchDescription": "QEMU\uff08Quick Emulator\uff09\u662f\u4e00\u5957\u6a21\u62df\u5904\u7406\u5668\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u5177\u6709\u901f\u5ea6\u5feb\u3001\u8de8\u5e73\u53f0\u7b49\u7279\u70b9\u3002\r\n\r\nQEMU virtio\u5b58\u5728\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8evirtio-gpu\u3001virtio-serial-bus\u3001virtio-crypto\u4e2d\u5b58\u5728\u53cc\u91cd\u91ca\u653e\u6f0f\u6d1e\uff0cmem_reentrancy_guard\u6807\u5fd7\u4e0d\u8db3\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4f7f\u4e3b\u673a\u4e0a\u7684QEMU\u8fdb\u7a0b\u5d29\u6e83\uff0c\u4ece\u800c\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u6216\u5728\u4e3b\u673a\u4e0a\u7684QEMU\u8fdb\u7a0b\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "QEMU\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\uff08CNVD-2024-20282\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Qemu QEMU"
  },
  "referenceLink": "https://access.redhat.com/security/cve/CVE-2024-3446\r\nhttps://bugzilla.redhat.com/show_bug.cgi?id=2274211\r\nhttps://patchew.org/QEMU/20240409105537.18308-1-philmd@linaro.org/\r\nhttps://cxsecurity.com/cveshow/CVE-2024-3446/",
  "serverity": "\u4e2d",
  "submitTime": "2024-04-12",
  "title": "QEMU\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\uff08CNVD-2024-20282\uff09"
}

CVE-2024-3446 (GCVE-0-2024-3446)

Vulnerability from cvelistv5

Published

2024-04-09 19:34

Modified

2025-05-02 23:02

Severity ?

8.2 (High) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CWE

CWE-415 - Double Free

Summary

A double free vulnerability was found in QEMU virtio devices (virtio-gpu, virtio-serial-bus, virtio-crypto), where the mem_reentrancy_guard flag insufficiently protects against DMA reentrancy issues. This issue could allow a malicious privileged guest user to crash the QEMU process on the host, resulting in a denial of service or allow arbitrary code execution within the context of the QEMU process on the host.

References

▼	URL	Tags
	https://access.redhat.com/errata/RHSA-2024:6964	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/security/cve/CVE-2024-3446	vdb-entry, x_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2274211	issue-tracking, x_refsource_REDHAT
	https://patchew.org/QEMU/20240409105537.18308-1-philmd@linaro.org/

Impacted products

Vendor

Product

Version

▼

Red Hat

Red Hat Enterprise Linux 8

Unaffected: 8100020240905091210.489197e6   < *
    cpe:/a:redhat:enterprise_linux:8::crb
    cpe:/a:redhat:enterprise_linux:8::appstream

Red Hat	Red Hat Enterprise Linux 8	Unaffected: 8100020240905091210.489197e6 < * cpe:/a:redhat:enterprise_linux:8::crb cpe:/a:redhat:enterprise_linux:8::appstream
Red Hat	Red Hat Enterprise Linux 6	cpe:/o:redhat:enterprise_linux:6
Red Hat	Red Hat Enterprise Linux 7	cpe:/o:redhat:enterprise_linux:7
Red Hat	Red Hat Enterprise Linux 7	cpe:/o:redhat:enterprise_linux:7
Red Hat	Red Hat Enterprise Linux 8 Advanced Virtualization	cpe:/a:redhat:advanced_virtualization:8::el8
Red Hat	Red Hat Enterprise Linux 9	cpe:/o:redhat:enterprise_linux:9

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-3446",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-18T15:34:27.301942Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-30T15:40:41.752Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-05-02T23:02:59.338Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2024-3446"
          },
          {
            "name": "RHBZ#2274211",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274211"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://patchew.org/QEMU/20240409105537.18308-1-philmd@linaro.org/"
          },
          {
            "url": "https://security.netapp.com/advisory/ntap-20250502-0007/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:8::crb",
            "cpe:/a:redhat:enterprise_linux:8::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "virt-devel:rhel",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8100020240905091210.489197e6",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:8::crb",
            "cpe:/a:redhat:enterprise_linux:8::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "virt:rhel",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8100020240905091210.489197e6",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unknown",
          "packageName": "qemu-kvm",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "qemu-kvm",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "qemu-kvm-ma",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:advanced_virtualization:8::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "virt:av/qemu-kvm",
          "product": "Red Hat Enterprise Linux 8 Advanced Virtualization",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9"
          ],
          "defaultStatus": "affected",
          "packageName": "qemu-kvm",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Xiao Lei, Yiming Tao, and Yongkang Jia for reporting this issue."
        }
      ],
      "datePublic": "2024-04-04T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A double free vulnerability was found in QEMU virtio devices (virtio-gpu, virtio-serial-bus, virtio-crypto), where the mem_reentrancy_guard flag insufficiently protects against DMA reentrancy issues. This issue could allow a malicious privileged guest user to crash the QEMU process on the host, resulting in a denial of service or allow arbitrary code execution within the context of the QEMU process on the host."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-415",
              "description": "Double Free",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-24T07:53:41.023Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2024:6964",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6964"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2024-3446"
        },
        {
          "name": "RHBZ#2274211",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274211"
        },
        {
          "url": "https://patchew.org/QEMU/20240409105537.18308-1-philmd@linaro.org/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-04-09T00:00:00+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2024-04-04T00:00:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Qemu: virtio: dma reentrancy issue leads to double free vulnerability",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
        }
      ],
      "x_redhatCweChain": "CWE-415: Double Free"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2024-3446",
    "datePublished": "2024-04-09T19:34:45.646Z",
    "dateReserved": "2024-04-08T07:32:08.366Z",
    "dateUpdated": "2025-05-02T23:02:59.338Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted