A flaw was found in the QEMU Virtio PCI Bindings (hw/virtio/virtio-pci.c). An improper release and use of the irqfd for vector 0 during the boot process leads to a guest triggerable crash via vhost_net_stop(). This flaw allows a malicious guest to crash the QEMU process on the host.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Fri, 22 Nov 2024 12:00:00 +0000

Type Values Removed Values Added
References

Tue, 22 Oct 2024 05:15:00 +0000

Type Values Removed Values Added
References
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 29 Aug 2024 20:30:00 +0000

Type Values Removed Values Added
References

Tue, 13 Aug 2024 10:45:00 +0000

Type Values Removed Values Added
Title Qemu: virtio-pci: improper release of configure vector leads to guest triggerable crash Qemu-kvm: virtio-pci: improper release of configure vector leads to guest triggerable crash

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2025-09-26T06:32:50.164Z

Reserved: 2024-05-09T14:49:40.107Z

Link: CVE-2024-4693

cve-icon Vulnrichment

Updated: 2024-08-28T15:02:50.339Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-05-14T15:44:26.070

Modified: 2024-11-21T09:43:23.560

Link: CVE-2024-4693

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-05-10T00:00:00Z

Links: CVE-2024-4693 - Bugzilla

cve-icon OpenCVE Enrichment

No data.