A double free vulnerability was found in QEMU virtio devices (virtio-gpu, virtio-serial-bus, virtio-crypto), where the mem_reentrancy_guard flag insufficiently protects against DMA reentrancy issues. This issue could allow a malicious privileged guest user to crash the QEMU process on the host, resulting in a denial of service or allow arbitrary code execution within the context of the QEMU process on the host.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2024-04-09T19:34:45.646Z
Updated: 2024-09-13T21:21:16.352Z
Reserved: 2024-04-08T07:32:08.366Z
Link: CVE-2024-3446
Vulnrichment
Updated: 2024-08-01T20:12:07.321Z
NVD
Status : Awaiting Analysis
Published: 2024-04-09T20:15:10.450
Modified: 2024-04-18T08:15:38.340
Link: CVE-2024-3446
Redhat